CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-45412 – Mozilla: Symlinks may resolve to partially uninitialized buffers
https://notcve.org/view.php?id=CVE-2022-45412
When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Al resolver un enlace simbólico como <code>file:///proc/self/fd/1</code>, se puede producir un mensaje de error donde el enlace simbólico se resolvió en una cadena que contiene memoria no inicializada en el búfer. • https://bugzilla.mozilla.org/show_bug.cgi?id=1791029 https://www.mozilla.org/security/advisories/mfsa2022-47 https://www.mozilla.org/security/advisories/mfsa2022-48 https://www.mozilla.org/security/advisories/mfsa2022-49 https://access.redhat.com/security/cve/CVE-2022-45412 https://bugzilla.redhat.com/show_bug.cgi?id=2143205 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-45413
https://notcve.org/view.php?id=CVE-2022-45413
Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 107. • https://bugzilla.mozilla.org/show_bug.cgi?id=1791201 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3266
https://notcve.org/view.php?id=CVE-2022-3266
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Puede ocurrir una lectura fuera de los límites al decodificar video H264. Esto da como resultado un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767360 https://www.mozilla.org/security/advisories/mfsa2022-40 https://www.mozilla.org/security/advisories/mfsa2022-41 https://www.mozilla.org/security/advisories/mfsa2022-42 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42930
https://notcve.org/view.php?id=CVE-2022-42930
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. Si dos trabajadores inicializaran simultáneamente su CacheStorage, podría haberse producido una "carrera" de datos en el componente 'ThirdPartyUtil'. Esta vulnerabilidad afecta a Firefox < 106. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789503 https://www.mozilla.org/security/advisories/mfsa2022-44 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42931
https://notcve.org/view.php?id=CVE-2022-42931
Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106. Los inicios de sesión guardados por Firefox deben ser administrados por el componente Administrador de contraseñas, que utiliza cifrado para guardar archivos en el disco. En cambio, el Administrador de formularios guardó el nombre de usuario (no la contraseña) en un archivo no cifrado en el disco. • https://bugzilla.mozilla.org/show_bug.cgi?id=1780571 https://www.mozilla.org/security/advisories/mfsa2022-44 • CWE-312: Cleartext Storage of Sensitive Information •