CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23983
https://notcve.org/view.php?id=CVE-2021-23983
By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87. Al causar una transición en un nodo principal mediante la eliminación de una regla CSS, se podría haber aplicado una propiedad no válida para un marcador, resultando en una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 87. • https://bugzilla.mozilla.org/show_bug.cgi?id=1692684 https://www.mozilla.org/security/advisories/mfsa2021-10 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23985
https://notcve.org/view.php?id=CVE-2021-23985
If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87. Si un atacante puede ser capaz de alterar valores específicos de about:config (por ejemplo, malware que se ejecuta en la computadora del usuario), la funcionalidad de depuración remota de Devtools podría haber sido habilitada de una manera que el usuario no pudo notar. • https://bugzilla.mozilla.org/show_bug.cgi?id=1659129 https://www.mozilla.org/security/advisories/mfsa2021-10 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23986
https://notcve.org/view.php?id=CVE-2021-23986
A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87. Una extensión maliciosa con el permiso de "search" podría haber instalado un nuevo motor de búsqueda cuyo favicon hiciera referencia a una URL de origen cruzado. • https://bugzilla.mozilla.org/show_bug.cgi?id=1692623 https://www.mozilla.org/security/advisories/mfsa2021-10 • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23984 – Mozilla: Malicious extensions could have spoofed popup information
https://notcve.org/view.php?id=CVE-2021-23984
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Una extensión maliciosa podría haber abierto una ventana emergente sin una barra de direcciones. • https://bugzilla.mozilla.org/show_bug.cgi?id=1693664 https://www.mozilla.org/security/advisories/mfsa2021-10 https://www.mozilla.org/security/advisories/mfsa2021-11 https://www.mozilla.org/security/advisories/mfsa2021-12 https://access.redhat.com/security/cve/CVE-2021-23984 https://bugzilla.redhat.com/show_bug.cgi?id=1942786 • CWE-290: Authentication Bypass by Spoofing CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-23981 – Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read
https://notcve.org/view.php?id=CVE-2021-23981
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Una carga de textura de un Objeto de Búfer de Píxeles podría haber confundido el código WebGL para omitir el enlace del búfer usado para descomprimirlo, resultando en la corrupción de la memoria y una filtración o bloqueo de información potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR versión 78.9, Firefox versiones anteriores a 87, and Thunderbird versiones anteriores a 78.9. The Mozilla Foundation Security Advisory describes this issue as: A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1692832 https://www.mozilla.org/security/advisories/mfsa2021-10 https://www.mozilla.org/security/advisories/mfsa2021-11 https://www.mozilla.org/security/advisories/mfsa2021-12 https://access.redhat.com/security/cve/CVE-2021-23981 https://bugzilla.redhat.com/show_bug.cgi?id=1942783 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •