CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23994 – Mozilla: Out of bound write due to lazy initialization
https://notcve.org/view.php?id=CVE-2021-23994
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Un framebuffer de WebGL no se inicializaba con suficiente antelación, resultando en una corrupción de memoria y una escritura fuera de límites. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.10, Thunderbird versiones anteriores a 78.10 y Firefox versiones anteriores a 88 • https://bugzilla.mozilla.org/show_bug.cgi?id=1699077 https://www.mozilla.org/security/advisories/mfsa2021-14 https://www.mozilla.org/security/advisories/mfsa2021-15 https://www.mozilla.org/security/advisories/mfsa2021-16 https://access.redhat.com/security/cve/CVE-2021-23994 https://bugzilla.redhat.com/show_bug.cgi?id=1951364 • CWE-787: Out-of-bounds Write CWE-909: Missing Initialization of Resource •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-23999 – Mozilla: Blob URLs may have been granted additional privileges
https://notcve.org/view.php?id=CVE-2021-23999
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Si una URL Blob se cargó mediante alguna interacción inusual del usuario, podría haber sido cargada por el Principal del Sistema y conceder privilegios adicionales que no deberían concederse al contenido web. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.10, Thunderbird versiones anteriores a 78.10 y Firefox versiones anteriores a 88 • https://bugzilla.mozilla.org/show_bug.cgi?id=1691153 https://www.mozilla.org/security/advisories/mfsa2021-14 https://www.mozilla.org/security/advisories/mfsa2021-15 https://www.mozilla.org/security/advisories/mfsa2021-16 https://access.redhat.com/security/cve/CVE-2021-23999 https://bugzilla.redhat.com/show_bug.cgi?id=1951368 • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions CWE-697: Incorrect Comparison •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29945 – Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
https://notcve.org/view.php?id=CVE-2021-29945
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. El JIT de WebAssembly podía calcular mal el tamaño de un tipo de retorno, lo que podía conllevar a una lectura nula y resultar en un bloqueo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1700690 https://www.mozilla.org/security/advisories/mfsa2021-14 https://www.mozilla.org/security/advisories/mfsa2021-15 https://www.mozilla.org/security/advisories/mfsa2021-16 https://access.redhat.com/security/cve/CVE-2021-29945 https://bugzilla.redhat.com/show_bug.cgi?id=1951370 • CWE-476: NULL Pointer Dereference CWE-682: Incorrect Calculation •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23995 – Mozilla: Use-after-free in Responsive Design Mode
https://notcve.org/view.php?id=CVE-2021-23995
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Cuando se habilitó el Modo de Diseño Responsivo, se usaron referencias a objetos que fueron liberados previamente. Presumimos que con suficiente esfuerzo esto podría haber sido explotado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1699835 https://www.mozilla.org/security/advisories/mfsa2021-14 https://www.mozilla.org/security/advisories/mfsa2021-15 https://www.mozilla.org/security/advisories/mfsa2021-16 https://access.redhat.com/security/cve/CVE-2021-23995 https://bugzilla.redhat.com/show_bug.cgi?id=1951365 • CWE-416: Use After Free CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23988
https://notcve.org/view.php?id=CVE-2021-23988
Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87. Los desarrolladores de Mozilla, reportaron bugs de seguridad de la memoria presentes en Firefox versión 86. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684994%2C1686653 https://www.mozilla.org/security/advisories/mfsa2021-10 • CWE-787: Out-of-bounds Write •