CVE-2023-49060
https://notcve.org/view.php?id=CVE-2023-49060
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. Un atacante podría haber accedido a páginas o datos internos filtrando una clave de seguridad de ReaderMode a través del atributo "referrerpolicy". Esta vulnerabilidad afecta a Firefox para iOS < 120. • https://bugzilla.mozilla.org/show_bug.cgi?id=1861405 https://www.mozilla.org/security/advisories/mfsa2023-51 •
CVE-2023-6213
https://notcve.org/view.php?id=CVE-2023-6213
Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120. Errores de seguridad de la memoria presentes en Firefox 119. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1849265%2C1851118%2C1854911 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-49 • CWE-787: Out-of-bounds Write •
CVE-2023-6212 – Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
https://notcve.org/view.php?id=CVE-2023-6212
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Errores de seguridad de la memoria presentes en Firefox 119, Firefox 115.4 y Thunderbird 115.4. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782 https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html https://www.debian.org/security/2023/dsa-5561 https://www.mozilla.org/security/advisories/mfsa2023-49 https://www.mozilla.org/security/advisories/mfsa2023-50 https://www.mozilla.org/security/advisories/mfsa2023-52 https://access.redhat.com/se • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2023-6211
https://notcve.org/view.php?id=CVE-2023-6211
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120. Si un atacante necesitaba que un usuario cargara una página http: insegura y sabía que el usuario había habilitado el modo solo HTTPS, el atacante podría haber engañado al usuario para que hiciera clic para otorgar una excepción solo HTTPS si pudiera lograr que el usuario participara en una juego de clics. Esta vulnerabilidad afecta a Firefox < 120. • https://bugzilla.mozilla.org/show_bug.cgi?id=1850200 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-49 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2023-6210
https://notcve.org/view.php?id=CVE-2023-6210
When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120. Cuando una página web https: creó una ventana emergente desde una URL "javascript:", a esa ventana emergente se le permitió incorrectamente cargar contenido bloqueable, como iframes de URL http: inseguras. Esta vulnerabilidad afecta a Firefox < 120. • https://bugzilla.mozilla.org/show_bug.cgi?id=1801501 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-49 •