
CVE-2023-5729 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-5729
24 Oct 2023 — A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. • https://bugzilla.mozilla.org/show_bug.cgi?id=1823720 •

CVE-2023-5728 – Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash.
https://notcve.org/view.php?id=CVE-2023-5728
24 Oct 2023 — During garbage collection, extra operations were performed on an object that should not have been performed. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1852729 • CWE-401: Missing Release of Memory after Effective Lifetime • CWE-416: Use After Free •

CVE-2023-5727 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-5727
24 Oct 2023 — The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1847180 •

CVE-2023-5726 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-5726
24 Oct 2023 — A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 •

CVE-2023-5725 – Mozilla: WebExtensions could open arbitrary URLs
https://notcve.org/view.php?id=CVE-2023-5725
24 Oct 2023 — A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. The... • https://bugzilla.mozilla.org/show_bug.cgi?id=1845739 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2023-5724 – Mozilla: Large WebGL draw could have led to a crash
https://notcve.org/view.php?id=CVE-2023-5724
24 Oct 2023 — Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. The Mozilla Foundation Security Advisor... • https://bugzilla.mozilla.org/show_bug.cgi?id=1836705 • CWE-400: Uncontrolled Resource Consumption • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVE-2023-5723 – Ubuntu Security Notice USN-6456-2
https://notcve.org/view.php?id=CVE-2023-5723
24 Oct 2023 — An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. USN-6456-1 fixed vulnerabilities in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1802057 •

CVE-2023-5722 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-5722
24 Oct 2023 — Using iterative requests, an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code exec... • https://bugzilla.mozilla.org/show_bug.cgi?id=1738426 • CWE-203: Observable Discrepancy •

CVE-2023-5721 – Mozilla: Queued up rendering could have allowed websites to clickjack
https://notcve.org/view.php?id=CVE-2023-5721
24 Oct 2023 — It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. A flaw was found ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1830820 • CWE-356: Product UI does not Warn User of Unsafe Actions • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) A... • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write •