Page 48 of 1933 results (0.010 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-46879

https://notcve.org/view.php?id=CVE-2022-46879

Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736224%2C1793407%2C1794249%2C1795845%2C1797682%2C1797720%2C1798494%2C1799479 https://security.gentoo.org/glsa/202305-06 https://www.mozilla.org/security/advisories/mfsa2022-51 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-46871 – Mozilla: libusrsctp library out of date

https://notcve.org/view.php?id=CVE-2022-46871

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795697 https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.debian.org/security/2023/dsa-5322 https://www.debian.org/security/2023/dsa-5355 https://www.mozilla.org/security/advisories/mfsa2022-51 https://access.redhat.com/security/cve/CVE-2022-46871 • CWE-1104: Use of Unmaintained Third Party Components •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-46877 – Mozilla: Fullscreen notification bypass

https://notcve.org/view.php?id=CVE-2022-46877

By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795139 https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.debian.org/security/2023/dsa-5322 https://www.debian.org/security/2023/dsa-5355 https://www.mozilla.org/security/advisories/mfsa2022-51 https://access.redhat.com/security/cve/CVE-2022-46877 • CWE-357: Insufficient UI Warning of Dangerous Operations •

CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-46872 – Mozilla: Arbitrary file read from a compromised content process

https://notcve.org/view.php?id=CVE-2022-46872

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. *This bug only affects Firefox for Linux. • https://bugzilla.mozilla.org/show_bug.cgi?id=1799156 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-51 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 https://access.redhat.com/security/cve/CVE-2022-46872 https://bugzilla.redhat.com/show_bug.cgi?id=2153441 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0

CVE-2022-46874 – Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions

https://notcve.org/view.php?id=CVE-2022-46874

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6. The Mozilla Foundation Security Advisory describes this flaw as: A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. • https://bugzilla.mozilla.org/show_bug.cgi?id=1746139 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-51 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 https://www.mozilla.org/security/advisories/mfsa2022-54 https://access.redhat.com/security/cve/CVE-2022-46874 https://bugzilla.redhat.com/show_bug.cgi?id=2153449 • CWE-222: Truncation of Security-relevant Information •