CVSS: 4.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52890
https://notcve.org/view.php?id=CVE-2023-52890
13 Jun 2024 — NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging. NTFS-3G anterior a 75dcdc2 tiene un use-after-free en ntfs_uppercase_mbs en libntfs-3g/unistr.c. NOTA: la discusión sugiere que la explotación sería un desafío. • https://github.com/tuxera/ntfs-3g/issues/84 •
CVSS: 7.6EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5700 – Mozilla: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
https://notcve.org/view.php?id=CVE-2024-5700
11 Jun 2024 — Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Errores de seguridad de la memoria presentes en Firefox 126, Firefox ESR 115.11 y Thunderbird 115.11. Algunos de estos errores mostraron evidencia de corrupción de memoria y sup... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1862809%2C1889355%2C1893388%2C1895123 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-786: Access of Memory Location Before Start of Buffer CWE-788: Access of Memory Location After End of Buffer •
CVSS: 8.6EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5696 – Mozilla: Memory Corruption in Text Fragments
https://notcve.org/view.php?id=CVE-2024-5696
11 Jun 2024 — By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Al manipular el texto en una etiqueta `<input>`, un atacante podría haber dañado la memoria y provocar un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1896555 • CWE-787: Out-of-bounds Write CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5693 – Mozilla: Cross-Origin Image leak via Offscreen Canvas
https://notcve.org/view.php?id=CVE-2024-5693
11 Jun 2024 — Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Offscreen Canvas no realizó un seguimiento adecuado de la contaminación de origen cruzado, que podría usarse para acceder a datos de imágenes de otro sitio en violación de la política del mismo origen. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR &l... • https://bugzilla.mozilla.org/show_bug.cgi?id=1891319 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2024-5692
https://notcve.org/view.php?id=CVE-2024-5692
11 Jun 2024 — On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. En Windows, al utilizar la función "Guardar como", un atacante podría haber engañado al navegador para que g... • https://bugzilla.mozilla.org/show_bug.cgi?id=1891234 •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5691 – Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
https://notcve.org/view.php?id=CVE-2024-5691
11 Jun 2024 — By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Al engañar al navegador con un encabezado `X-Frame-Options`, un iframe en espacio aislado podría haber presentado un botón que, si un usuario hiciera clic en él, evitaría las restricciones para abrir una nueva ventana. Esta vulnerabilidad a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1888695 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2024-5690 – Mozilla: External protocol handlers leaked by timing attack
https://notcve.org/view.php?id=CVE-2024-5690
11 Jun 2024 — By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Al monitorear el tiempo que toman ciertas operaciones, un atacante podría haber adivinado qué controladores de protocolos externos eran funcionales en el sistema de un usuario. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation S... • https://bugzilla.mozilla.org/show_bug.cgi?id=1883693 • CWE-385: Covert Timing Channel •
CVSS: 8.1EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5688 – Mozilla: Use-after-free in JavaScript object transplant
https://notcve.org/view.php?id=CVE-2024-5688
11 Jun 2024 — If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Si se activó una recolección de basura en el momento adecuado, podría haberse producido un use-after-free durante el trasplante de objetos. Esta vulnerabilidad afecta a Firefox < 127 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1895086 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 35EXPL: 0CVE-2024-5702 – Mozilla: Use-after-free in networking
https://notcve.org/view.php?id=CVE-2024-5702
11 Jun 2024 — Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. La corrupción de la memoria en la pila de red podría haber provocado un fallo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.12. The Mozilla Foundation Security Advisory describes this flaw as: Memory corruption in the networking stack could have led to a potentially exploitable ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1193389 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-36472 – gnome-shell: code execution in portal helper
https://notcve.org/view.php?id=CVE-2024-36472
28 May 2024 — In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. En GNOME Shell hasta la versión 45.7, se puede iniciar automáticamente un asistente de portal (sin confirmación del usuario) en función de las resp... • https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page CWE-346: Origin Validation Error •