Page 48 of 2505 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-46877 – Mozilla: Fullscreen notification bypass

https://notcve.org/view.php?id=CVE-2022-46877

By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795139 https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.debian.org/security/2023/dsa-5322 https://www.debian.org/security/2023/dsa-5355 https://www.mozilla.org/security/advisories/mfsa2022-51 https://access.redhat.com/security/cve/CVE-2022-46877 • CWE-357: Insufficient UI Warning of Dangerous Operations •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-46873

https://notcve.org/view.php?id=CVE-2022-46873

Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108. • https://bugzilla.mozilla.org/show_bug.cgi?id=1644790 https://security.gentoo.org/glsa/202305-06 https://www.mozilla.org/security/advisories/mfsa2022-51 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-46871 – Mozilla: libusrsctp library out of date

https://notcve.org/view.php?id=CVE-2022-46871

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795697 https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.debian.org/security/2023/dsa-5322 https://www.debian.org/security/2023/dsa-5355 https://www.mozilla.org/security/advisories/mfsa2022-51 https://access.redhat.com/security/cve/CVE-2022-46871 • CWE-1104: Use of Unmaintained Third Party Components •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-46881 – Mozilla: Memory corruption in WebGL

https://notcve.org/view.php?id=CVE-2022-46881

An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6. Una optimización en WebGL era incorrecta en algunos casos, y podría haber provocado daños en la memoria y un bloqueo potencialmente explotable. *Nota*: Este aviso se agregó el 13 de diciembre de 2022 después de que entendiéramos mejor el impacto del problema. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770930 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 https://access.redhat.com/security/cve/CVE-2022-46881 https://bugzilla.redhat.com/show_bug.cgi?id=2153466 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-46882 – Mozilla: Use-after-free in WebGL

https://notcve.org/view.php?id=CVE-2022-46882

A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free in WebGL extensions could have led to a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789371 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-47 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 https://access.redhat.com/security/cve/CVE-2022-46882 https://bugzilla.redhat.com/show_bug.cgi?id=2153467 • CWE-416: Use After Free •