CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23956 – Gentoo Linux Security Advisory 202102-01
https://notcve.org/view.php?id=CVE-2021-23956
01 Feb 2021 — An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. Un diseño de selector de archivos ambiguos podría haber confundido a usuarios que pretendían seleccionar y cargar un solo archivo para cargar un directorio completo. Esto se solucionó al agregar un nuevo aviso. • https://bugzilla.mozilla.org/show_bug.cgi?id=1338637 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23965 – Gentoo Linux Security Advisory 202102-01
https://notcve.org/view.php?id=CVE-2021-23965
01 Feb 2021 — Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. Los desarrolladores de Mozilla reportaron bugs de seguridad de la memoria presentes en Firefox versión 84. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con esfuerzo suficiente algunos de ellos podrían h... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1670378%2C1673555%2C1676812%2C1678582%2C1684497 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23962 – Gentoo Linux Security Advisory 202102-01
https://notcve.org/view.php?id=CVE-2021-23962
01 Feb 2021 — Incorrect use of the '
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23958 – Gentoo Linux Security Advisory 202102-01
https://notcve.org/view.php?id=CVE-2021-23958
01 Feb 2021 — The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. El navegador podría haber sido confundido en transferir un estado de pantalla compartida a otra pestaña, lo que filtraría información no deseada. Esta vulnerabilidad afecta a Firefox versiones anteriores a 85 Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1642747 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23961 – Mozilla: More internal network hosts could have been probed by a malicious webpage
https://notcve.org/view.php?id=CVE-2021-23961
01 Feb 2021 — Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. Otras técnicas que se basaron en la investigación de slipstream combinada con una página web maliciosa podrían haber expuesto tanto los hosts de una red interna como los servicios que se ejecutan en la máquina local del usuario. Esta vulnerabilidad afecta a Firefox ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1677940 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23964 – Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
https://notcve.org/view.php?id=CVE-2021-23964
28 Jan 2021 — Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Los desarrolladores de Mozilla reportaron bugs de seguridad de la memoria presentes en Firefox versión 84 y Firefox ESR versión 78.6. Algunos de estos bugs mostraron evidenc... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23960 – Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
https://notcve.org/view.php?id=CVE-2021-23960
28 Jan 2021 — Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Realizar una recolección de basura en variables de JavaScript declaradas nuevamente resultó en un usuario después del envenenamiento y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 85, Thunderbird versiones anteriores a 78,7 y Firefox... • https://bugzilla.mozilla.org/show_bug.cgi?id=1675755 • CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23954 – Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements
https://notcve.org/view.php?id=CVE-2021-23954
28 Jan 2021 — Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Usando los nuevos operadores de asignación lógica en una declaración de cambio de JavaScript podría haber causado una confusión de tipos, conllevando a una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1684020 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23953 – Mozilla: Cross-origin information leakage via redirected PDF requests
https://notcve.org/view.php?id=CVE-2021-23953
28 Jan 2021 — If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Si un usuario hace clic en un PDF diseñado específicamente, el lector de PDF podría confundirse y filtrar información de origen cruzado, cuando dicha información es servida como datos fragmentados. Esta vulnerabilidad afecta a Firefox versiones anter... • https://bugzilla.mozilla.org/show_bug.cgi?id=1683940 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26975
https://notcve.org/view.php?id=CVE-2020-26975
07 Jan 2021 — When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84. • https://bugzilla.mozilla.org/show_bug.cgi?id=1661071 •