CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-23999 – Mozilla: Blob URLs may have been granted additional privileges
https://notcve.org/view.php?id=CVE-2021-23999
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Si una URL Blob se cargó mediante alguna interacción inusual del usuario, podría haber sido cargada por el Principal del Sistema y conceder privilegios adicionales que no deberían concederse al contenido web. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.10, Thunderbird versiones anteriores a 78.10 y Firefox versiones anteriores a 88 • https://bugzilla.mozilla.org/show_bug.cgi?id=1691153 https://www.mozilla.org/security/advisories/mfsa2021-14 https://www.mozilla.org/security/advisories/mfsa2021-15 https://www.mozilla.org/security/advisories/mfsa2021-16 https://access.redhat.com/security/cve/CVE-2021-23999 https://bugzilla.redhat.com/show_bug.cgi?id=1951368 • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions CWE-697: Incorrect Comparison •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29945 – Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
https://notcve.org/view.php?id=CVE-2021-29945
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. El JIT de WebAssembly podía calcular mal el tamaño de un tipo de retorno, lo que podía conllevar a una lectura nula y resultar en un bloqueo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1700690 https://www.mozilla.org/security/advisories/mfsa2021-14 https://www.mozilla.org/security/advisories/mfsa2021-15 https://www.mozilla.org/security/advisories/mfsa2021-16 https://access.redhat.com/security/cve/CVE-2021-29945 https://bugzilla.redhat.com/show_bug.cgi?id=1951370 • CWE-476: NULL Pointer Dereference CWE-682: Incorrect Calculation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23984 – Mozilla: Malicious extensions could have spoofed popup information
https://notcve.org/view.php?id=CVE-2021-23984
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Una extensión maliciosa podría haber abierto una ventana emergente sin una barra de direcciones. • https://bugzilla.mozilla.org/show_bug.cgi?id=1693664 https://www.mozilla.org/security/advisories/mfsa2021-10 https://www.mozilla.org/security/advisories/mfsa2021-11 https://www.mozilla.org/security/advisories/mfsa2021-12 https://access.redhat.com/security/cve/CVE-2021-23984 https://bugzilla.redhat.com/show_bug.cgi?id=1942786 • CWE-290: Authentication Bypass by Spoofing CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23981 – Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read
https://notcve.org/view.php?id=CVE-2021-23981
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Una carga de textura de un Objeto de Búfer de Píxeles podría haber confundido el código WebGL para omitir el enlace del búfer usado para descomprimirlo, resultando en la corrupción de la memoria y una filtración o bloqueo de información potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR versión 78.9, Firefox versiones anteriores a 87, and Thunderbird versiones anteriores a 78.9. The Mozilla Foundation Security Advisory describes this issue as: A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1692832 https://www.mozilla.org/security/advisories/mfsa2021-10 https://www.mozilla.org/security/advisories/mfsa2021-11 https://www.mozilla.org/security/advisories/mfsa2021-12 https://access.redhat.com/security/cve/CVE-2021-23981 https://bugzilla.redhat.com/show_bug.cgi?id=1942783 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23982 – Mozilla: Internal network hosts could have been probed by a malicious webpage
https://notcve.org/view.php?id=CVE-2021-23982
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Usando técnicas que se basaron en la investigación de slipstream, una página web maliciosa podría haber escaneado tanto los hosts de una red interna como los servicios que se ejecutan en la máquina local del usuario usando conexiones WebRTC. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.9, Firefox versiones anteriores a 87, y Thunderbird versiones anteriores a 78.9 • https://bugzilla.mozilla.org/show_bug.cgi?id=1677046 https://www.mozilla.org/security/advisories/mfsa2021-10 https://www.mozilla.org/security/advisories/mfsa2021-11 https://www.mozilla.org/security/advisories/mfsa2021-12 https://access.redhat.com/security/cve/CVE-2021-23982 https://bugzilla.redhat.com/show_bug.cgi?id=1942785 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •