CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22742 – Mozilla: Out-of-bounds memory access when inserting text in edit mode
https://notcve.org/view.php?id=CVE-2022-22742
When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Al insertar texto en el modo de edición, es posible que algunos caracteres hayan provocado un acceso a la memoria fuera de los límites, lo que provocó un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1739923 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2022-22742 https://bugzilla.redhat.com/show_bug.cgi?id=2039563 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22745 – Mozilla: Leaking cross-origin URLs through securitypolicyviolation event
https://notcve.org/view.php?id=CVE-2022-22745
Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Los eventos de violación de la política de seguridad podrían haber filtrado información de origen cruzado sobre violaciones de los ancestros del frame. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735856 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2022-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2039570 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38505
https://notcve.org/view.php?id=CVE-2021-38505
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730194 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 https://www.mozilla.org/security/advisories/mfsa2021-50 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38510
https://notcve.org/view.php?id=CVE-2021-38510
The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. La advertencia de archivo ejecutable no se presentaba cuando se descargaban archivos .inetloc, que, debido a un fallo en Mac OS, pueden ejecutar comandos en el ordenador de un usuario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1731779 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 https://www.mozilla.org/security/advisories/mfsa2021-50 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43530
https://notcve.org/view.php?id=CVE-2021-43530
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. Una vulnerabilidad de tipo XSS universal estaba presente en Firefox para Android como resultado de un saneo inapropiado cuando se procesa una URL escaneada desde un código QR. • https://github.com/hfh86/CVE-2021-43530-UXSS-On-QRcode-Reader- https://bugzilla.mozilla.org/show_bug.cgi?id=1736886 https://www.mozilla.org/security/advisories/mfsa2021-48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •