CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28163 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-28163
30 May 2023 — When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1817768 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32205 – Mozilla: Browser prompts could have been obscured by popups
https://notcve.org/view.php?id=CVE-2023-32205
11 May 2023 — In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1753339 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32206 – Mozilla: Crash in RLBox Expat driver
https://notcve.org/view.php?id=CVE-2023-32206
11 May 2023 — An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bound read could have led to a crash in the RLBox Expat driver. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1824892 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32207 – Mozilla: Potential permissions request bypass via clickjacking
https://notcve.org/view.php?id=CVE-2023-32207
11 May 2023 — A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced... • https://bugzilla.mozilla.org/show_bug.cgi?id=1826116 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32212 – Mozilla: Potential spoof due to obscured address bar
https://notcve.org/view.php?id=CVE-2023-32212
11 May 2023 — An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have positioned a `datalist` element to obscure the address bar. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826622 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32211 – Mozilla: Content process crash due to invalid wasm code
https://notcve.org/view.php?id=CVE-2023-32211
11 May 2023 — A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtai... • https://bugzilla.mozilla.org/show_bug.cgi?id=1823379 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32213 – Mozilla: Potential memory corruption in FileReader::DoReadData()
https://notcve.org/view.php?id=CVE-2023-32213
11 May 2023 — When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. The Mozilla Foundation Security Advisory describes this flaw as: When reading a file, an uninitialized value could have been used as read limit. USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1826666 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32215 – Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
https://notcve.org/view.php?id=CVE-2023-32215
11 May 2023 — Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firef... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1945 – Mozilla: Memory Corruption in Safe Browsing Code
https://notcve.org/view.php?id=CVE-2023-1945
13 Apr 2023 — Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update... • https://bugzilla.mozilla.org/show_bug.cgi?id=1777588 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29550 – Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
https://notcve.org/view.php?id=CVE-2023-29550
13 Apr 2023 — Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozi... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1720594%2C1812498%2C1814217%2C1818357%2C1751945%2C1818762%2C1819493%2C1820389%2C1820602%2C1821448%2C1822413%2C1824828 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •