CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6208 – Mozilla: Using Selection API would copy contents into X11 primary selection.
https://notcve.org/view.php?id=CVE-2023-6208
21 Nov 2023 — When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Al usar X11, el texto seleccionado por la página usando la API de selección se copiaba erróneamente en la selección principal, un almacenamiento temporal similar al portapapeles. *Este erro... • https://bugzilla.mozilla.org/show_bug.cgi?id=1855345 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6207 – Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
https://notcve.org/view.php?id=CVE-2023-6207
21 Nov 2023 — Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. La mala gestión de la propiedad provocó un uso después de la liberación en ReadableByteStreams. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0. The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams USN-6509-1 fixed vulnerab... • https://bugzilla.mozilla.org/show_bug.cgi?id=1861344 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6206 – Mozilla: Clickjacking permission prompts using the fullscreen transition
https://notcve.org/view.php?id=CVE-2023-6206
21 Nov 2023 — The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. La animación de desvanecimiento negro al salir de la pantalla completa es aproximadamente la duración del retraso anti-clickjacking en las solicitudes de permiso.... • https://bugzilla.mozilla.org/show_bug.cgi?id=1857430 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6205 – Mozilla: Use-after-free in MessagePort::Entangled
https://notcve.org/view.php?id=CVE-2023-6205
21 Nov 2023 — It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Era posible provocar el uso de un MessagePort después de que ya se había liberado, lo que podría haber provocado un fallo explotable. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0. The Mozilla Foundation Security Advisory describes th... • https://bugzilla.mozilla.org/show_bug.cgi?id=1854076 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6204 – Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer
https://notcve.org/view.php?id=CVE-2023-6204
21 Nov 2023 — On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. En algunos sistemas, dependiendo de la configuración de gráficos y los controladores, era posible forzar una lectura fuera de los límites y filtrar datos de memoria en las imágenes creadas en el elemento del lienzo. Esta vulnerabilidad afecta a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1841050 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5758 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-5758
24 Oct 2023 — When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119. Al abrir una página en modo lector, la URL de redireccionamiento podría haber provocado que se ejecutara un script controlado por el atacante en un ataque reflejado de Cross-Site Scripting (XSS). Esta vulnerabilidad afecta a Firefox para iOS < 119. Multiple vulnerabilities have been found in Mozilla... • https://bugzilla.mozilla.org/show_bug.cgi?id=1850019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5732 – Mozilla: Address bar spoofing via bidirectional characters
https://notcve.org/view.php?id=CVE-2023-5732
24 Oct 2023 — An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Un atacante podría haber creado un enlace malicioso utilizando caracteres bidireccionales para falsificar la ubicación en la barra de direcciones cuando se visita. Esta vulnerabilidad afecta a Firefox < 117, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The Mozilla Foundation Sec... • https://bugzilla.mozilla.org/show_bug.cgi?id=1690979 • CWE-450: Multiple Interpretations of UI Input •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5731 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-5731
24 Oct 2023 — Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119. Errores de seguridad de la memoria presentes en Firefox 118. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1690111%2C1721904%2C1851803%2C1854068 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5730 – Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4
https://notcve.org/view.php?id=CVE-2023-5730
24 Oct 2023 — Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Errores de seguridad de la memoria presentes en Firefox 118, Firefox ESR 115.3 y Thunderbird 115.3. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponem... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5729 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-5729
24 Oct 2023 — A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. Un sitio web malicioso puede ingresar al modo de pantalla completa y al mismo tiempo activar un mensaje de WebAuthn. Esto podría haber oscurecido la notificación en pantalla completa y podría haberse aprovechado en un ataque de suplantación de identidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1823720 •