CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7527 – mozilla: Use-after-free in JavaScript garbage collection
https://notcve.org/view.php?id=CVE-2024-7527
06 Aug 2024 — Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could h... • https://bugzilla.mozilla.org/show_bug.cgi?id=1871303 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2024-7526 – mozilla: Uninitialized memory used by WebGL
https://notcve.org/view.php?id=CVE-2024-7526
06 Aug 2024 — ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. • https://bugzilla.mozilla.org/show_bug.cgi?id=1910306 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.4EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7525 – mozilla: Missing permission check when creating a StreamFilter
https://notcve.org/view.php?id=CVE-2024-7525
06 Aug 2024 — It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1... • https://bugzilla.mozilla.org/show_bug.cgi?id=1909298 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7522 – mozilla: Out of bounds read in editor component
https://notcve.org/view.php?id=CVE-2024-7522
06 Aug 2024 — Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Editor code failed to check an attribute value. This could have led to an out-of-bounds read. • https://bugzilla.mozilla.org/show_bug.cgi?id=1906727 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7521 – mozilla: Incomplete WebAssembly exception handing
https://notcve.org/view.php?id=CVE-2024-7521
06 Aug 2024 — Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: Incomplete WebAssembly exception handing could have led to a use-after-f... • https://bugzilla.mozilla.org/show_bug.cgi?id=1904644 • CWE-416: Use After Free CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7520 – mozilla: Type confusion in WebAssembly
https://notcve.org/view.php?id=CVE-2024-7520
06 Aug 2024 — A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: A type confusion bug in WebAssembly could be leveraged by an attacker to po... • https://bugzilla.mozilla.org/show_bug.cgi?id=1903041 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-7519 – mozilla: Out of bounds memory access in graphics shared memory handling
https://notcve.org/view.php?id=CVE-2024-7519
06 Aug 2024 — Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902307 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7518 – mozilla: Fullscreen notification dialog can be obscured by document content
https://notcve.org/view.php?id=CVE-2024-7518
06 Aug 2024 — Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. • https://bugzilla.mozilla.org/show_bug.cgi?id=1875354 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 1CVE-2024-7055 – FFmpeg pnmdec.c pnm_decode_frame heap-based overflow
https://notcve.org/view.php?id=CVE-2024-7055
06 Aug 2024 — A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. • https://ffmpeg.org • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 0CVE-2024-40794 – Apple Security Advisory 07-29-2024-1
https://notcve.org/view.php?id=CVE-2024-40794
29 Jul 2024 — This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication. The WebKitGTK web engine suffers from multiple vulnerabilities. An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. • https://support.apple.com/en-us/HT214121 • CWE-287: Improper Authentication •