CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4421
https://notcve.org/view.php?id=CVE-2023-4421
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61. • https://bugzilla.mozilla.org/show_bug.cgi?id=1651411 https://www.mozilla.org/security/advisories/mfsa2023-53 • CWE-203: Observable Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49061
https://notcve.org/view.php?id=CVE-2023-49061
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. Un atacante podría haber realizado una inyección de plantilla HTML a través del modo Lector y extraído información del usuario. Esta vulnerabilidad afecta a Firefox para iOS < 120. • https://bugzilla.mozilla.org/show_bug.cgi?id=1861420 https://www.mozilla.org/security/advisories/mfsa2023-51 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49060
https://notcve.org/view.php?id=CVE-2023-49060
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. Un atacante podría haber accedido a páginas o datos internos filtrando una clave de seguridad de ReaderMode a través del atributo "referrerpolicy". Esta vulnerabilidad afecta a Firefox para iOS < 120. • https://bugzilla.mozilla.org/show_bug.cgi?id=1861405 https://www.mozilla.org/security/advisories/mfsa2023-51 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6213
https://notcve.org/view.php?id=CVE-2023-6213
Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120. Errores de seguridad de la memoria presentes en Firefox 119. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1849265%2C1851118%2C1854911 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-49 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6212 – Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
https://notcve.org/view.php?id=CVE-2023-6212
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Errores de seguridad de la memoria presentes en Firefox 119, Firefox 115.4 y Thunderbird 115.4. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782 https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html https://www.debian.org/security/2023/dsa-5561 https://www.mozilla.org/security/advisories/mfsa2023-49 https://www.mozilla.org/security/advisories/mfsa2023-50 https://www.mozilla.org/security/advisories/mfsa2023-52 https://access.redhat.com/se • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •