CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28287
https://notcve.org/view.php?id=CVE-2022-28287
In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. En circunstancias inusuales, la selección de texto podría provocar que el almacenamiento en caché de selección de texto se comportara incorrectamente, lo que provocaría un bloqueo. Esta vulnerabilidad afecta a Firefox < 99. • https://bugzilla.mozilla.org/show_bug.cgi?id=1741515 https://www.mozilla.org/security/advisories/mfsa2022-13 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0843
https://notcve.org/view.php?id=CVE-2022-0843
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98. Los desarrolladores de Mozilla, Kershaw Chang, Ryan VanderMeulen y Randell Jesup, informaron sobre errores de seguridad de la memoria presentes en Firefox 97. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746523%2C1749062%2C1749164%2C1749214%2C1749610%2C1750032%2C1752100%2C1752405%2C1753612%2C1754508 https://www.mozilla.org/security/advisories/mfsa2022-10 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-26383 – Mozilla: Browser window spoof using fullscreen mode
https://notcve.org/view.php?id=CVE-2022-26383
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Al cambiar el tamaño de una ventana emergente después de solicitar acceso a pantalla completa, la ventana emergente no mostraba la notificación en pantalla completa. Esta vulnerabilidad afecta a Firefox < 98, Firefox ESR < 91,7 y Thunderbird < 91.7. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1742421 https://www.mozilla.org/security/advisories/mfsa2022-10 https://www.mozilla.org/security/advisories/mfsa2022-11 https://www.mozilla.org/security/advisories/mfsa2022-12 https://access.redhat.com/security/cve/CVE-2022-26383 https://bugzilla.redhat.com/show_bug.cgi?id=2062220 • CWE-449: The UI Performs the Wrong Action •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 1CVE-2022-26384 – Mozilla: iframe allow-scripts sandbox bypass
https://notcve.org/view.php?id=CVE-2022-26384
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Si un atacante pudiera controlar el contenido de un iframe en un espacio aislado con <code>allow-popups</code> pero no con <code>allow-scripts</code>, podría crear un enlace que, al hacer clic, conduciría a Ejecución de JavaScript en violación de la sandbox. Esta vulnerabilidad afecta a Firefox < 98, Firefox ESR < 91,7 y Thunderbird < 91.7. The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1744352 https://www.mozilla.org/security/advisories/mfsa2022-10 https://www.mozilla.org/security/advisories/mfsa2022-11 https://www.mozilla.org/security/advisories/mfsa2022-12 https://access.redhat.com/security/cve/CVE-2022-26384 https://bugzilla.redhat.com/show_bug.cgi?id=2062221 • CWE-179: Incorrect Behavior Order: Early Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-26387 – Mozilla: Time-of-check time-of-use bug when verifying add-on signatures
https://notcve.org/view.php?id=CVE-2022-26387
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Al instalar un complemento, Firefox verificaba la firma antes de avisar al usuario; pero mientras el usuario confirmaba el mensaje, el archivo complementario subyacente podría haberse modificado y Firefox no se habría dado cuenta. Esta vulnerabilidad afecta a Firefox < 98, Firefox ESR < 91,7 y Thunderbird < 91.7. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1752979 https://www.mozilla.org/security/advisories/mfsa2022-10 https://www.mozilla.org/security/advisories/mfsa2022-11 https://www.mozilla.org/security/advisories/mfsa2022-12 https://access.redhat.com/security/cve/CVE-2022-26387 https://bugzilla.redhat.com/show_bug.cgi?id=2062222 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •