CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29914 – Mozilla: Fullscreen notification bypass using popups
https://notcve.org/view.php?id=CVE-2022-29914
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Al reutilizar ventanas emergentes existentes, Firefox les habría permitido cubrir la interfaz de usuario de notificación en pantalla completa, lo que podría haber permitido ataques de suplantación de identidad del navegador. Esta vulnerabilidad afecta a Thunderbird < 91.9, Firefox ESR < 91.9 y Firefox < 100. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1746448 https://www.mozilla.org/security/advisories/mfsa2022-16 https://www.mozilla.org/security/advisories/mfsa2022-17 https://www.mozilla.org/security/advisories/mfsa2022-18 https://access.redhat.com/security/cve/CVE-2022-29914 https://bugzilla.redhat.com/show_bug.cgi?id=2081468 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 4CVE-2022-28286 – Mozilla: iframe contents could be rendered outside the border
https://notcve.org/view.php?id=CVE-2022-28286
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Debido a un cambio de diseño, es posible que el contenido del iframe se haya representado fuera de su borde. Esto podría haber provocado confusión en el usuario o ataques de suplantación de identidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735265 https://www.mozilla.org/security/advisories/mfsa2022-13 https://www.mozilla.org/security/advisories/mfsa2022-14 https://www.mozilla.org/security/advisories/mfsa2022-15 https://access.redhat.com/security/cve/CVE-2022-28286 https://bugzilla.redhat.com/show_bug.cgi?id=2072564 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 4CVE-2022-28285 – Mozilla: Incorrect AliasSet used in JIT Codegen
https://notcve.org/view.php?id=CVE-2022-28285
When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Al generar el código ensamblador para <code>MLoadTypedArrayElementHole</code>, se utilizó un AliasSet incorrecto. Junto con otra vulnerabilidad, esto podría haberse utilizado para una lectura de memoria fuera de los límites. • https://bugzilla.mozilla.org/show_bug.cgi?id=1756957 https://www.mozilla.org/security/advisories/mfsa2022-13 https://www.mozilla.org/security/advisories/mfsa2022-14 https://www.mozilla.org/security/advisories/mfsa2022-15 https://access.redhat.com/security/cve/CVE-2022-28285 https://bugzilla.redhat.com/show_bug.cgi?id=2072563 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 5CVE-2022-28281 – Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
https://notcve.org/view.php?id=CVE-2022-28281
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Si un proceso de contenido comprometido envió una cantidad inesperada de extensiones WebAuthN en un comando de registro al proceso principal, se habría producido una escritura fuera de los límites que provocaría daños en la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird < 91.8, Firefox < 99 y Firefox ESR < 91.8. The Mozilla Foundation Security Advisory describes this flaw as: If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. • https://github.com/0vercl0k/CVE-2022-28281 https://bugzilla.mozilla.org/show_bug.cgi?id=1755621 https://www.mozilla.org/security/advisories/mfsa2022-13 https://www.mozilla.org/security/advisories/mfsa2022-14 https://www.mozilla.org/security/advisories/mfsa2022-15 https://access.redhat.com/security/cve/CVE-2022-28281 https://bugzilla.redhat.com/show_bug.cgi?id=2072560 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28289 – Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
https://notcve.org/view.php?id=CVE-2022-28289
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Los desarrolladores de Mozilla y miembros de la comunidad Nika Layzell, Andrew McCreight, Gabriele Svelto y el equipo Mozilla Fuzzing informaron sobre errores de seguridad de la memoria presentes en Thunderbird 91.7. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663508%2C1744525%2C1753508%2C1757476%2C1757805%2C1758549%2C1758776 https://www.mozilla.org/security/advisories/mfsa2022-13 https://www.mozilla.org/security/advisories/mfsa2022-14 https://www.mozilla.org/security/advisories/mfsa2022-15 https://access.redhat.com/security/cve/CVE-2022-28289 https://bugzilla.redhat.com/show_bug.cgi?id=2072566 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •