CVE-2023-5727
https://notcve.org/view.php?id=CVE-2023-5727
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. La advertencia de archivo ejecutable no se presentó al descargar archivos .msix, .msixbundle, .appx, y .appxbundle, que pueden ejecutar comandos en el ordenador de un usuario. *Nota: Este problema solo afectó a los sistemas operativos Windows. • https://bugzilla.mozilla.org/show_bug.cgi?id=1847180 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-47 •
CVE-2023-5726
https://notcve.org/view.php?id=CVE-2023-5726
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Un sitio web podría haber oscurecido la notificación de pantalla completa utilizando el cuadro de diálogo de apertura de archivo. Esto podría haber generado confusión en los usuarios y posibles ataques de suplantación de identidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-47 •
CVE-2023-5725 – Mozilla: WebExtensions could open arbitrary URLs
https://notcve.org/view.php?id=CVE-2023-5725
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Una WebExtension maliciosa instalada podría abrir URL arbitrarias, que en las circunstancias adecuadas podrían aprovecharse para recopilar datos confidenciales del usuario. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. • https://bugzilla.mozilla.org/show_bug.cgi?id=1845739 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-47 https://access.redhat.com/security • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-5724 – Mozilla: Large WebGL draw could have led to a crash
https://notcve.org/view.php?id=CVE-2023-5724
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Los controladores no siempre son resistentes a las llamadas de "dibujo" extremadamente grandes y, en algunos casos, este escenario podría haber provocado un bloqueo. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1836705 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-47 https://access.redhat.com/security • CWE-400: Uncontrolled Resource Consumption CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2023-5721 – Mozilla: Queued up rendering could have allowed websites to clickjack
https://notcve.org/view.php?id=CVE-2023-5721
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Era posible que el usuario activara o descartara ciertas indicaciones y cuadros de diálogo del navegador debido a una insuficiente activación del delay. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1830820 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-47 https://access.redhat.com/security • CWE-356: Product UI does not Warn User of Unsafe Actions CWE-1021: Improper Restriction of Rendered UI Layers or Frames •