CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6207 – Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
https://notcve.org/view.php?id=CVE-2023-6207
21 Nov 2023 — Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. La mala gestión de la propiedad provocó un uso después de la liberación en ReadableByteStreams. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0. The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams USN-6509-1 fixed vulnerab... • https://bugzilla.mozilla.org/show_bug.cgi?id=1861344 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6206 – Mozilla: Clickjacking permission prompts using the fullscreen transition
https://notcve.org/view.php?id=CVE-2023-6206
21 Nov 2023 — The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. La animación de desvanecimiento negro al salir de la pantalla completa es aproximadamente la duración del retraso anti-clickjacking en las solicitudes de permiso.... • https://bugzilla.mozilla.org/show_bug.cgi?id=1857430 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6205 – Mozilla: Use-after-free in MessagePort::Entangled
https://notcve.org/view.php?id=CVE-2023-6205
21 Nov 2023 — It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Era posible provocar el uso de un MessagePort después de que ya se había liberado, lo que podría haber provocado un fallo explotable. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0. The Mozilla Foundation Security Advisory describes th... • https://bugzilla.mozilla.org/show_bug.cgi?id=1854076 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6204 – Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer
https://notcve.org/view.php?id=CVE-2023-6204
21 Nov 2023 — On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. En algunos sistemas, dependiendo de la configuración de gráficos y los controladores, era posible forzar una lectura fuera de los límites y filtrar datos de memoria en las imágenes creadas en el elemento del lienzo. Esta vulnerabilidad afecta a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1841050 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 1CVE-2023-6112 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-6112
15 Nov 2023 — Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Navegación en Google Chrome anterior a 119.0.6045.159 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the wors... • https://packetstorm.news/files/id/176721 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2023-5997 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5997
15 Nov 2023 — Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Garbage Collection en Google Chrome anterior a 119.0.6045.159 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its deriv... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 446EXPL: 1CVE-2023-23583 – Debian Security Advisory 5563-1
https://notcve.org/view.php?id=CVE-2023-23583
14 Nov 2023 — Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. La secuencia de instrucciones del procesador genera un comportamiento inesperado en Intel(R) Processors que pueden permitir que un usuario autenticado potencialmente habilite la escalada de privilegios y/o la divulgación de información y/o la denegación de servicio a ... • https://github.com/Mav3r1ck0x1/CVE-2023-23583-Reptar- • CWE-276: Incorrect Default Permissions CWE-1281: Sequence of Processor Instructions Leads to Unexpected Behavior •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-5996 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5996
08 Nov 2023 — Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en WebAudio en Google Chrome anterior a 119.0.6045.123 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-47272 – Ubuntu Security Notice USN-6848-1
https://notcve.org/view.php?id=CVE-2023-47272
05 Nov 2023 — Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). Roundcube 1.5.x anterior a 1.5.6 y 1.6.x anterior a 1.6.5 permite XSS a través de un encabezado Content-Type o Content-Disposition (utilizado para la vista previa o descarga de archivos adjuntos). Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbit... • https://github.com/roundcube/roundcubemail/commit/5ec496885e18ec6af956e8c0d627856c2257ba2d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-5859 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5859
01 Nov 2023 — Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) La interfaz de usuario de seguridad incorrecta en Imagen sobre Imagen en Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto realizar una suplantación de dominio a través de una página HTML local manipulada. (Severidad de seguridad de Chrome: baja) Multiple vulnerabilities have been discove... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-346: Origin Validation Error •