CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2021-30547 – chromium-browser: Out of bounds write in ANGLE
https://notcve.org/view.php?id=CVE-2021-30547
15 Jun 2021 — Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una escritura fuera de límites en ANGLE en Google Chrome versiones anteriores a 91.0.4472.101 permitía a un atacante remoto potencialmente llevar a cabo un acceso a la memoria fuera de límites por medio de una página HTML diseñada It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS han... • https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29964 – openSUSE Security Advisory - openSUSE-SU-2021:0858-1
https://notcve.org/view.php?id=CVE-2021-29964
09 Jun 2021 — A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. Un programa hostil instalado localmente podría enviar mensajes "WM_COPYDATA" que Firefox procesaría incorrectamente, conllevando una lectura fuera de límites. • https://bugzilla.mozilla.org/show_bug.cgi?id=1706501 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29959 – Ubuntu Security Notice USN-4978-1
https://notcve.org/view.php?id=CVE-2021-29959
03 Jun 2021 — When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89. Cuando un usuario ya ha permitido a un sitio web acceder al micrófono y a la cámara, la desactivación del uso compartido de la cámara no impedía completamente que el sitio web volvie... • https://bugzilla.mozilla.org/show_bug.cgi?id=1395819 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29960 – Ubuntu Security Notice USN-4978-1
https://notcve.org/view.php?id=CVE-2021-29960
03 Jun 2021 — Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89. Firefox solía almacenar en caché el último nombre de archivo utilizado para imprimir un archivo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1675965 • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29966 – Ubuntu Security Notice USN-4978-1
https://notcve.org/view.php?id=CVE-2021-29966
03 Jun 2021 — Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. Los desarrolladores de Mozilla han reportado bugs de seguridad de memoria presentes en Firefox versión 88. Algunos de estos bugs mostraban evidencias de corrupción de memoria y presumimos que con suficiente esfuerzo algunos de ellos podrían ha... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1660307%2C1686154%2C1702948%2C1708124 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29967 – Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
https://notcve.org/view.php?id=CVE-2021-29967
03 Jun 2021 — Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. Los desarrolladores de Mozilla han reportado bugs de seguridad de memoria presentes en Firefox versión 88 y Firefox ESR versión 78.11. Algunos de estos bugs mostraban evidenci... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3656
https://notcve.org/view.php?id=CVE-2011-3656
02 Jun 2021 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. Una vulnerabilidad de tipo Cross-site scripting (XSS) en Mozilla Firefox versiones anteriores a 3.6.24 y versión 4.x hasta 7, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores que implican errores HTTP 0.9, puertos no predeterminados y la ... • https://bugzilla.mozilla.org/show_bug.cgi?id=667907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29951 – Mozilla Windows Maintenance Service Weak DACL
https://notcve.org/view.php?id=CVE-2021-29951
11 May 2021 — The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderb... • https://packetstorm.news/files/id/162522 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29952 – Ubuntu Security Notice USN-4942-1
https://notcve.org/view.php?id=CVE-2021-29952
11 May 2021 — When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. Cuando se destruían los componentes de Web Render, una condición de carrera podría haber causado un comportamiento indefinido, y presumimos que con suficiente esfuerzo podría haber sido explotable para ejecutar código arbitrario. Esta vulnerabilid... • https://bugzilla.mozilla.org/show_bug.cgi?id=1704227 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23996 – Ubuntu Security Notice USN-4926-1
https://notcve.org/view.php?id=CVE-2021-23996
27 Apr 2021 — By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88. Al utilizar CSS 3D en conjunción con Javascript, el contenido podría haber sido renderizado fuera de la ventana gráfica de la página web, dando lugar a un ataque de suplantación de identidad que podría haber sido utilizado para el phishing u otros ataques ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1701834 •