CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34468 – Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
https://notcve.org/view.php?id=CVE-2022-34468
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Un iframe al que no se le permitía ejecutar scripts podría hacerlo si el usuario hacía clic en un enlace <code>javascript:</code>. Esta vulnerabilidad afecta a Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102 y Thunderbird < 91.11. The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a `javascript:` link. • https://bugzilla.mozilla.org/show_bug.cgi?id=1768537 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34468 https://bugzilla.redhat.com/show_bug.cgi?id=2102163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-34484 – Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
https://notcve.org/view.php?id=CVE-2022-34484
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. El equipo Mozilla Fuzzing informó sobre posibles vulnerabilidades presentes en Thunderbird 91.10. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34484 https://bugzilla.redhat.com/show_bug.cgi?id=2102169 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34470 – Mozilla: Use-after-free in nsSHistory
https://notcve.org/view.php?id=CVE-2022-34470
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Las navegaciones del historial de sesiones pueden haber provocado un bloqueo de use-after-free y potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102 y Thunderbird < 91.11. The Mozilla Foundation Security Advisory describes this flaw as: Session history navigations may have led to a use-after-free and potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1765951 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34470 https://bugzilla.redhat.com/show_bug.cgi?id=2102162 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2200 – Mozilla: Undesired attributes could be set as part of prototype pollution
https://notcve.org/view.php?id=CVE-2022-2200
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Si un atacante corrompiera el prototipo de un objeto, habría podido establecer atributos no deseados en un objeto JavaScript, lo que habría llevado a la ejecución de código privilegiado. Esta vulnerabilidad afecta a Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102 y Thunderbird < 91.11. The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1771381 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-2200 https://bugzilla.redhat.com/show_bug.cgi?id=2102168 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34472 – Mozilla: Unavailable PAC file resulted in OCSP requests being blocked
https://notcve.org/view.php?id=CVE-2022-34472
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Si hubiera una URL de PAC configurada y no se pudiera acceder al servidor que aloja el PAC, las solicitudes de OCSP se habrían bloqueado, lo que provocaría que se mostraran páginas de error incorrectas. Esta vulnerabilidad afecta a Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102 y Thunderbird < 91.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770123 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34472 https://bugzilla.redhat.com/show_bug.cgi?id=2102166 • CWE-393: Return of Wrong Status Code •