CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28163 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-28163
30 May 2023 — When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1817768 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29547 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-29547
30 May 2023 — When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1783536 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25738 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-25738
30 May 2023 — Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1811852 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32205 – Mozilla: Browser prompts could have been obscured by popups
https://notcve.org/view.php?id=CVE-2023-32205
11 May 2023 — In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1753339 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32206 – Mozilla: Crash in RLBox Expat driver
https://notcve.org/view.php?id=CVE-2023-32206
11 May 2023 — An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bound read could have led to a crash in the RLBox Expat driver. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1824892 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32211 – Mozilla: Content process crash due to invalid wasm code
https://notcve.org/view.php?id=CVE-2023-32211
11 May 2023 — A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtai... • https://bugzilla.mozilla.org/show_bug.cgi?id=1823379 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32212 – Mozilla: Potential spoof due to obscured address bar
https://notcve.org/view.php?id=CVE-2023-32212
11 May 2023 — An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have positioned a `datalist` element to obscure the address bar. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploi... • https://bugzilla.mozilla.org/show_bug.cgi?id=1826622 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32213 – Mozilla: Potential memory corruption in FileReader::DoReadData()
https://notcve.org/view.php?id=CVE-2023-32213
11 May 2023 — When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: When reading a file, an uninitialized value could have been used as read limit. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826666 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32215 – Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
https://notcve.org/view.php?id=CVE-2023-32215
11 May 2023 — Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bug... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32207 – Mozilla: Potential permissions request bypass via clickjacking
https://notcve.org/view.php?id=CVE-2023-32207
11 May 2023 — A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced... • https://bugzilla.mozilla.org/show_bug.cgi?id=1826116 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-290: Authentication Bypass by Spoofing •