CVE-2022-40957 – Mozilla: Incoherent instruction cache when building WASM on ARM64
https://notcve.org/view.php?id=CVE-2022-40957
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Los datos inconsistentes en las instrucciones y en el caché de datos al crear código wasm podrían provocar un fallo potencialmente explotable.<br>*Este error solo afecta a Firefox en plataformas ARM64.*. • https://bugzilla.mozilla.org/show_bug.cgi?id=1777604 https://www.mozilla.org/security/advisories/mfsa2022-40 https://www.mozilla.org/security/advisories/mfsa2022-41 https://www.mozilla.org/security/advisories/mfsa2022-42 https://access.redhat.com/security/cve/CVE-2022-40957 https://bugzilla.redhat.com/show_bug.cgi?id=2128796 • CWE-240: Improper Handling of Inconsistent Structural Elements •
CVE-2022-38474
https://notcve.org/view.php?id=CVE-2022-38474
A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104. • https://bugzilla.mozilla.org/show_bug.cgi?id=1719511 https://www.mozilla.org/security/advisories/mfsa2022-33 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-38475
https://notcve.org/view.php?id=CVE-2022-38475
An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104. Un atacante podría haber escrito un valor en el primer elemento de una matriz JavaScript de longitud cero. Aunque la matriz tenía longitud cero, el valor no se escribió en una dirección de memoria no válida. • https://bugzilla.mozilla.org/show_bug.cgi?id=1773266 https://www.mozilla.org/security/advisories/mfsa2022-33 • CWE-863: Incorrect Authorization •
CVE-2022-38477 – Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
https://notcve.org/view.php?id=CVE-2022-38477
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104. La desarrolladora de Mozilla, Nika Layzell, y el equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes en Firefox 103 y Firefox ESR 102.1. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363 https://www.mozilla.org/security/advisories/mfsa2022-33 https://www.mozilla.org/security/advisories/mfsa2022-34 https://www.mozilla.org/security/advisories/mfsa2022-36 https://access.redhat.com/security/cve/CVE-2022-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2120695 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2022-38478 – Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13
https://notcve.org/view.php?id=CVE-2022-38478
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. Los miembros del equipo Mozilla Fuzzing informaron errores de seguridad de la memoria presentes en Firefox 103, Firefox ESR 102.1 y Firefox ESR 91.12. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658 https://www.mozilla.org/security/advisories/mfsa2022-33 https://www.mozilla.org/security/advisories/mfsa2022-34 https://www.mozilla.org/security/advisories/mfsa2022-35 https://www.mozilla.org/security/advisories/mfsa2022-36 https://www.mozilla.org/security/advisories/mfsa2022-37 https://access.redhat.com/security/cve/CVE-2022-38478 https://bugzilla.redhat.com/show_bug.cgi?id=2120696 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •