CVE-2021-29961
https://notcve.org/view.php?id=CVE-2021-29961
When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. Al estilizar y renderizar un elemento "(select)" de gran tamaño, Firefox no aplicaba un recorte correcto que permitía a un atacante pintar sobre la interfaz de usuario. Esta vulnerabilidad afecta a Firefox versiones anteriores a 89 • https://bugzilla.mozilla.org/show_bug.cgi?id=1700235 https://security.gentoo.org/glsa/202107-09 https://www.mozilla.org/security/advisories/mfsa2021-23 • CWE-863: Incorrect Authorization •
CVE-2021-29962
https://notcve.org/view.php?id=CVE-2021-29962
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. Firefox para Android se volvía inestable y difícil de recuperar cuando un sitio web abría demasiadas ventanas emergentes. • https://bugzilla.mozilla.org/show_bug.cgi?id=1701673 https://www.mozilla.org/security/advisories/mfsa2021-23 • CWE-404: Improper Resource Shutdown or Release •
CVE-2021-29963
https://notcve.org/view.php?id=CVE-2021-29963
Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. Las sugerencias de búsqueda de la barra de direcciones en el modo de navegación privada reusaban los datos de la sesión del modo normal. • https://bugzilla.mozilla.org/show_bug.cgi?id=1705068 https://www.mozilla.org/security/advisories/mfsa2021-23 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2021-29964
https://notcve.org/view.php?id=CVE-2021-29964
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. Un programa hostil instalado localmente podría enviar mensajes "WM_COPYDATA" que Firefox procesaría incorrectamente, conllevando una lectura fuera de límites. • https://bugzilla.mozilla.org/show_bug.cgi?id=1706501 https://www.mozilla.org/security/advisories/mfsa2021-23 https://www.mozilla.org/security/advisories/mfsa2021-24 https://www.mozilla.org/security/advisories/mfsa2021-26 • CWE-125: Out-of-bounds Read •
CVE-2021-29965
https://notcve.org/view.php?id=CVE-2021-29965
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. Un sitio web malicioso que causa que se genere un diálogo de autenticación HTTP podría engañar al gestor de contraseñas integrado para sugerir contraseñas para el sitio web actualmente activo en lugar del sitio web que desencadenó el diálogo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1709257 https://www.mozilla.org/security/advisories/mfsa2021-23 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •