CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5728 – Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash.
https://notcve.org/view.php?id=CVE-2023-5728
24 Oct 2023 — During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Durante la recolección de la "basura" se realizaron operaciones adicionales en un objeto que no debería realizarse. Esto podría haber provocado un fallo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1852729 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5727 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-5727
24 Oct 2023 — The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. La advertencia de archivo ejecutable no se presentó al descargar archivos .msix, .msixbundle, .appx, y .appxbundle, que pueden ejecutar comandos en el ordenador de ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1847180 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5726 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-5726
24 Oct 2023 — A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Un sitio web podría haber oscurecido la notificación de pantalla completa utilizando el cuadro de diálogo de apertura de archivo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5725 – Mozilla: WebExtensions could open arbitrary URLs
https://notcve.org/view.php?id=CVE-2023-5725
24 Oct 2023 — A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Una WebExtension maliciosa instalada podría abrir URL arbitrarias, que en las circunstancias adecuadas podrían aprovecharse para recopilar datos confidenciales del usuario. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The... • https://bugzilla.mozilla.org/show_bug.cgi?id=1845739 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5724 – Mozilla: Large WebGL draw could have led to a crash
https://notcve.org/view.php?id=CVE-2023-5724
24 Oct 2023 — Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Los controladores no siempre son resistentes a las llamadas de "dibujo" extremadamente grandes y, en algunos casos, este escenario podría haber provocado un bloqueo. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The Mozilla Foundation Security Advisor... • https://bugzilla.mozilla.org/show_bug.cgi?id=1836705 • CWE-400: Uncontrolled Resource Consumption CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5723 – Ubuntu Security Notice USN-6456-2
https://notcve.org/view.php?id=CVE-2023-5723
24 Oct 2023 — An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. Un atacante con acceso temporal a un script de un sitio podría haber configurado una cookie que contenía caracteres no válidos utilizando `document.cookie`, lo que podría haber provocado errores desconocidos. Esta vulnerabilidad afecta a Firefox < 119. USN-6456-1 fixed vulnerabilities in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1802057 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5722 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-5722
24 Oct 2023 — Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. Mediante solicitudes iterativas, un atacante pudo conocer el tamaño de una respuesta opaque, así como el contenido de un encabezado Vary proporcionado por el servidor. Esta vulnerabilidad afecta a Firefox < 119. Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code exec... • https://bugzilla.mozilla.org/show_bug.cgi?id=1738426 • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5721 – Mozilla: Queued up rendering could have allowed websites to clickjack
https://notcve.org/view.php?id=CVE-2023-5721
24 Oct 2023 — It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Era posible que el usuario activara o descartara ciertas indicaciones y cuadros de diálogo del navegador debido a una insuficiente activación del delay. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. A flaw was found ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1830820 • CWE-356: Product UI does not Warn User of Unsafe Actions CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 75%CPEs: 25EXPL: 2CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) A... • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5175 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-5175
27 Sep 2023 — During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118. Durante el cierre del proceso, era posible que se creara un "ImageBitmap" que luego se usaría después de liberarse de una ruta de código diferente, lo que provocaría un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 118. Multiple vulnerabilities have ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1849704 • CWE-416: Use After Free •