CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22743 – Mozilla: Browser window spoof using fullscreen mode
https://notcve.org/view.php?id=CVE-2022-22743
When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Al navegar desde dentro de un iframe mientras se solicita acceso a pantalla completa, una pestaña controlada por un atacante podría haber impedido que el navegador saliera del modo de pantalla completa. Esta vulnerabilidad afecta a Firefox ESR < 91.5, Firefox < 96 y Thunderbird < 91.5. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1739220 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2022-22743 https://bugzilla.redhat.com/show_bug.cgi?id=2039561 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38505
https://notcve.org/view.php?id=CVE-2021-38505
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730194 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 https://www.mozilla.org/security/advisories/mfsa2021-50 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38510
https://notcve.org/view.php?id=CVE-2021-38510
The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. La advertencia de archivo ejecutable no se presentaba cuando se descargaban archivos .inetloc, que, debido a un fallo en Mac OS, pueden ejecutar comandos en el ordenador de un usuario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1731779 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 https://www.mozilla.org/security/advisories/mfsa2021-50 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43528 – Mozilla: JavaScript unexpectedly enabled for the composition area
https://notcve.org/view.php?id=CVE-2021-43528
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. Thunderbird habilitó inesperadamente JavaScript en el área de composición. El contexto de ejecución de JavaScript se limitaba a esta área y no recibía privilegios a nivel de cromo, pero podía ser usado como un trampolín para avanzar en un ataque con otras vulnerabilidades. • https://bugzilla.mozilla.org/show_bug.cgi?id=1742579 https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-54 https://access.redhat.com/security/cve/CVE-2021-43528 https://bugzilla.redhat.com/show_bug.cgi?id=2030137 • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43530
https://notcve.org/view.php?id=CVE-2021-43530
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. Una vulnerabilidad de tipo XSS universal estaba presente en Firefox para Android como resultado de un saneo inapropiado cuando se procesa una URL escaneada desde un código QR. • https://github.com/hfh86/CVE-2021-43530-UXSS-On-QRcode-Reader- https://bugzilla.mozilla.org/show_bug.cgi?id=1736886 https://www.mozilla.org/security/advisories/mfsa2021-48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •