CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23977
https://notcve.org/view.php?id=CVE-2021-23977
Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. Firefox para Android sufrió una vulnerabilidad de tipo time-of-check-time-of-use que permitía a una aplicación maliciosa leer datos confidenciales desde los directorios de la aplicación. • https://bugzilla.mozilla.org/show_bug.cgi?id=1684761 https://security.gentoo.org/glsa/202104-10 https://www.mozilla.org/security/advisories/mfsa2021-07 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23957
https://notcve.org/view.php?id=CVE-2021-23957
Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. Las navegaciones por medio del esquema de URL "intent" específico de Android podrían haber sido usado inapropiadamente para escapar del sandbox de iframe. • https://bugzilla.mozilla.org/show_bug.cgi?id=1584582 https://www.mozilla.org/security/advisories/mfsa2021-03 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23959
https://notcve.org/view.php?id=CVE-2021-23959
An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. Un bug de tipo XSS en las páginas de error internas podría conllevar a varios ataques de suplantación de identidad, incluyendo otras páginas de error y la barra de direcciones. • https://bugzilla.mozilla.org/show_bug.cgi?id=1659035 https://www.mozilla.org/security/advisories/mfsa2021-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23970
https://notcve.org/view.php?id=CVE-2021-23970
Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. Un código específico de contexto en una tabla de salto compartido; resultando en afirmaciones que se desencadenan en código wasm multi-hilo (multi-subproceso). Esta vulnerabilidad afecta a Firefox versiones anteriores a 86 • https://bugzilla.mozilla.org/show_bug.cgi?id=1681724 https://security.gentoo.org/glsa/202104-10 https://www.mozilla.org/security/advisories/mfsa2021-07 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23971
https://notcve.org/view.php?id=CVE-2021-23971
When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86. Cuando se procesa un redireccionamiento con una Política de Referencia en conflicto, Firefox habría adoptado la Política de Referencia de redireccionamiento. Esto podría haber conllevado a que se proporcionara más información de la que pretendía mediante la fuente original hacia el destino del redireccionamiento. • https://bugzilla.mozilla.org/show_bug.cgi?id=1678545 https://security.gentoo.org/glsa/202104-10 https://www.mozilla.org/security/advisories/mfsa2021-07 •