CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5172
https://notcve.org/view.php?id=CVE-2023-5172
This vulnerability affects Firefox < 118. ... Esta vulnerabilidad afecta a Firefox < 118. • https://bugzilla.mozilla.org/show_bug.cgi?id=1852218 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-41 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-5176 – Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
https://notcve.org/view.php?id=CVE-2023-5176
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. ... This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. Errores de seguridad de la memoria presentes en Firefox 117, Firefox ESR 115.2 y Thunderbird 115.2. ... Esta vulnerabilidad afecta a Firefox < 118, Firefox ESR < 115.3 y Thunderbird < 115.3. ... The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs are present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836353%2C1842674%2C1843824%2C1843962%2C1848890%2C1850180%2C1850983%2C1851195 https://lists.debian.org/debian-lts-announce/2023/09/msg00034.html https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html https://www.debian.org/security/2023/dsa-5506 https://www.debian.org/security/2023/dsa-5513 https://www.mozilla.org/security/advisories/mfsa2023-41 https://www.mozilla.org/security/advisories/mfsa2023-42 https://www.mozilla.org/security/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5174
https://notcve.org/view.php?id=CVE-2023-5174
If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. ... *Este error sólo afecta a Firefox en Windows cuando se ejecuta en configuraciones no estándar (como el uso de `runas`). Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 118, Firefox ESR < 115.3 y Thunderbird < 115.3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1848454 https://www.mozilla.org/security/advisories/mfsa2023-41 https://www.mozilla.org/security/advisories/mfsa2023-42 https://www.mozilla.org/security/advisories/mfsa2023-43 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5168
https://notcve.org/view.php?id=CVE-2023-5168
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. ... *Este error sólo afecta a Firefox en Windows. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 118, Firefox ESR < 115.3 y Thunderbird < 115.3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1846683 https://www.mozilla.org/security/advisories/mfsa2023-41 https://www.mozilla.org/security/advisories/mfsa2023-42 https://www.mozilla.org/security/advisories/mfsa2023-43 • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 44%CPEs: 16EXPL: 12CVE-2023-4863 – Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) El desbordamiento del búfer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permitía a un atacante remoto realizar una escritura en memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: crítica) A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library. Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. • https://github.com/alsaeroth/CVE-2023-4863-POC https://github.com/mistymntncop/CVE-2023-4863 https://github.com/LiveOverflow/webp-CVE-2023-4863 https://github.com/bbaranoff/CVE-2023-4863 https://github.com/talbeerysec/BAD-WEBP-CVE-2023-4863 https://github.com/huiwen-yayaya/CVE-2023-4863 https://github.com/CrackerCat/CVE-2023-4863- https://github.com/sarsaeroth/CVE-2023-4863-POC http://www.openwall.com/lists/oss-security/2023/09/21/4 http://www.openwall.com/list • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •