CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-38504 – Mozilla: Use-after-free in file picker dialog
https://notcve.org/view.php?id=CVE-2021-38504
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Cuando se interactúa con el diálogo del selector de archivos de un elemento de entrada HTML con webkitdirectory configurado, podría haberse producido un uso de memoria previamente liberada, conllevando a una corrupción de memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 94, Thunderbird versiones anteriores a 91.3 y Firefox ESR versiones anteriores a 91.3 The Mozilla Foundation Security Advisory describes this flaw as: When interacting with an HTML input element's file picker dialog with `webkitdirectory` set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730156 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29991
https://notcve.org/view.php?id=CVE-2021-29991
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1. Firefox aceptaba incorrectamente una nueva línea en un encabezado HTTP/3, interpretándola como dos encabezados separados. Esto permitía un ataque de división de encabezados contra servidores que usaban HTTP/3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1724896 https://www.mozilla.org/security/advisories/mfsa2021-37 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-38492
https://notcve.org/view.php?id=CVE-2021-38492
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1. Cuando se delegaba la navegación al sistema operativo, Firefox aceptaba el esquema "mk" que podía permitir a atacantes lanzar páginas y ejecutar scripts en Internet Explorer en modo no privilegiado. • https://bugzilla.mozilla.org/show_bug.cgi?id=1721107 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-38 https://www.mozilla.org/security/advisories/mfsa2021-39 https://www.mozilla.org/security/advisories/mfsa2021-40 https://www.mozilla.org/security/advisories/mfsa2021-41 https://www.mozilla.org/security/advisories/mfsa2021-42 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38495
https://notcve.org/view.php?id=CVE-2021-38495
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1. Los desarrolladores de Mozilla informaron de bugs de seguridad de memoria presentes en Thunderbird versión 78.13.0. Algunos de estos bugs mostraban evidencias de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.mozilla.org/security/advisories/mfsa2021-40 https://www.mozilla.org/security/advisories/mfsa2021-41 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38502 – Mozilla: Downgrade attack on SMTP STARTTLS connections
https://notcve.org/view.php?id=CVE-2021-38502
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. Thunderbird ignoró la configuración para requerir seguridad STARTTLS para una conexión SMTP. • https://bugzilla.mozilla.org/show_bug.cgi?id=1733366 https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-47 https://access.redhat.com/security/cve/CVE-2021-38502 https://bugzilla.redhat.com/show_bug.cgi?id=2013469 • CWE-319: Cleartext Transmission of Sensitive Information •