CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4584 – Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
https://notcve.org/view.php?id=CVE-2023-4584
30 Aug 2023 — Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Errores de seguridad de la memoria presentes en Firefox 116, Firefox ESR 102.14, Firefox ESR 115.... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1843968%2C1845205%2C1846080%2C1846526%2C1847529 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4579 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-4579
30 Aug 2023 — Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117. Las consultas de búsqueda en el motor de búsqueda predeterminado podrían parecer haber sido la URL navegada actualmente si la consulta de búsqueda en sí fuera una URL bien formada. Esto podría haber llevado a que u... • https://bugzilla.mozilla.org/show_bug.cgi?id=1842766 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46884
https://notcve.org/view.php?id=CVE-2022-46884
24 Aug 2023 — A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106. A potential use-after-free vulnerability existed in SVG Images if the Refresh D... • https://bugzilla.mozilla.org/show_bug.cgi?id=1786818 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4058 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-4058
01 Aug 2023 — Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116. Fallos de seguridad de memoria presentes en Firefox 115. Algunos de estos fallos mostraban evidencias de corrupción de memoria y suponemos que con el suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1819160%2C1828024 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4057 – Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1
https://notcve.org/view.php?id=CVE-2023-4057
01 Aug 2023 — Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. Fallos de seguridad de memoria presentes en Firefox 115, Firefox ESR 115.0 y Thunderbird 115.0. Algunos de estos fallos mostraban evidencias de corrupción de memoria y suponemos que... • https://bugzilla.mozilla.org/show_bug.cgi?id=1841682 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-4056 – Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
https://notcve.org/view.php?id=CVE-2023-4056
01 Aug 2023 — Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Fallos de seguridad de memoria presentes en Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0 y Thunderbird 102.13. Algu... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4055 – Mozilla: Cookie jar overflow caused unexpected cookie jar state
https://notcve.org/view.php?id=CVE-2023-4055
01 Aug 2023 — When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Cuando se superaba el número de cookies por dominio en `document.cookie`, el tarro de cookies real enviado al host ya no era coherente con el estado de tarro de cookies esperado. Esto ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1782561 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4054 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-4054
01 Aug 2023 — When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. Al abrir archivos appref-ms, Firefox no advertía al usuario de que estos archivos podían contener código malicioso. Este fallo sólo afecta a Firefox en Windows. • https://bugzilla.mozilla.org/show_bug.cgi?id=1840777 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4053 – Mozilla: Full screen notification obscured by external program
https://notcve.org/view.php?id=CVE-2023-4053
01 Aug 2023 — A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. Un sitio web podría haber oscurecido la notificación en pantalla completa utilizando una URL con un esquema manejado por un programa externo, como una URL de correo. Esto podría haber generado confusión en los usu... • https://bugzilla.mozilla.org/show_bug.cgi?id=1839079 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4052 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-4052
01 Aug 2023 — The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and... • https://bugzilla.mozilla.org/show_bug.cgi?id=1824420 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •