CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2024-8382 – mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
https://notcve.org/view.php?id=CVE-2024-8382
03 Sep 2024 — Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. Internal browser event interfaces were exposed to web content wh... • https://bugzilla.mozilla.org/show_bug.cgi?id=1906744 • CWE-273: Improper Check for Dropped Privileges CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 10.0EPSS: 12%CPEs: 36EXPL: 1CVE-2024-8381 – mozilla: Type confusion when looking up a property name in a "with" block
https://notcve.org/view.php?id=CVE-2024-8381
03 Sep 2024 — A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. The M... • https://github.com/bjrjk/CVE-2024-8381 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 1CVE-2024-45492 – libexpat: integer overflow
https://notcve.org/view.php?id=CVE-2024-45492
30 Aug 2024 — An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX. Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. Versions greater than or equal... • https://github.com/nidhihcl75/external_expat_2.6.2_CVE-2024-45492 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-45490 – libexpat: Negative Length Parsing Vulnerability in libexpat
https://notcve.org/view.php?id=CVE-2024-45490
30 Aug 2024 — An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issu... • https://github.com/libexpat/libexpat/issues/887 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2024-45491 – libexpat: Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2024-45491
30 Aug 2024 — An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. ... • https://github.com/libexpat/libexpat/issues/888 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7348 – PostgreSQL relation replacement during pg_dump executes arbitrary SQL
https://notcve.org/view.php?id=CVE-2024-7348
08 Aug 2024 — Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. A vulnerability was foun... • https://www.postgresql.org/support/security/CVE-2024-7348 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7529 – mozilla: Document content could partially obscure security prompts
https://notcve.org/view.php?id=CVE-2024-7529
06 Aug 2024 — The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1903187 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7528 – mozilla: Use-after-free in IndexedDB
https://notcve.org/view.php?id=CVE-2024-7528
06 Aug 2024 — Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. • https://bugzilla.mozilla.org/show_bug.cgi?id=1895951 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2024-7527 – mozilla: Use-after-free in JavaScript garbage collection
https://notcve.org/view.php?id=CVE-2024-7527
06 Aug 2024 — Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could h... • https://bugzilla.mozilla.org/show_bug.cgi?id=1871303 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2024-7526 – mozilla: Uninitialized memory used by WebGL
https://notcve.org/view.php?id=CVE-2024-7526
06 Aug 2024 — ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. • https://bugzilla.mozilla.org/show_bug.cgi?id=1910306 • CWE-908: Use of Uninitialized Resource •