
CVE-2024-43498 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43498
12 Nov 2024 — .NET and Visual Studio Remote Code Execution Vulnerability A type confusion vulnerability was found in .NET 9.0 Core in .NET that leads to AV in the .NET Core NrbfDecoder component. An update for firefox is now available for Red Hat Enterprise Linux 9. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-7652 – mozilla: Type Confusion in Async Generators in Javascript Engine
https://notcve.org/view.php?id=CVE-2024-7652
06 Sep 2024 — An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. ... The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion,... • https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 • CWE-476: NULL Pointer Dereference CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-8386 – mozilla: SelectElements could be shown over another site if popups are allowed
https://notcve.org/view.php?id=CVE-2024-8386
03 Sep 2024 — This vulnerability affects Firefox < 130 and Firefox ESR < 128.2. ... This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. ... Multiple security issues were discovered in Firefox. ... Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. • https://bugzilla.mozilla.org/show_bug.cgi?id=1907032 • CWE-290: Authentication Bypass by Spoofing CWE-358: Improperly Implemented Security Check for Standard •

CVE-2024-8385 – mozilla: WASM type confusion involving ArrayTypes
https://notcve.org/view.php?id=CVE-2024-8385
03 Sep 2024 — A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. ... A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. ... The Mozilla Foundation's Security Advisory: A di... • https://bugzilla.mozilla.org/show_bug.cgi?id=1911909 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-8384 – mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions
https://notcve.org/view.php?id=CVE-2024-8384
03 Sep 2024 — This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. ... This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. ... USN-6992-1 fixed vulnerabilities in Firefox. ... Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. ... Seunghyun Lee discovered that Firef... • https://bugzilla.mozilla.org/show_bug.cgi?id=1911288 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVE-2024-8383 – mozilla: Firefox did not ask before openings news: links in an external application
https://notcve.org/view.php?id=CVE-2024-8383
03 Sep 2024 — The website that served the application download could then launch that application at will This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. ... This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. ... USN-6992-1 fixed vulnerabilities in Firefox. ... Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lo... • https://bugzilla.mozilla.org/show_bug.cgi?id=1908496 • CWE-862: Missing Authorization CWE-1188: Initialization of a Resource with an Insecure Default •

CVE-2024-8381 – mozilla: Type confusion when looking up a property name in a "with" block
https://notcve.org/view.php?id=CVE-2024-8381
03 Sep 2024 — A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. ... A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. ... The Mozilla Foundation's Security... • https://github.com/bjrjk/CVE-2024-8381 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-7520 – mozilla: Type confusion in WebAssembly
https://notcve.org/view.php?id=CVE-2024-7520
06 Aug 2024 — A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129 and Firefox ESR < 128.1. A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. ... The Mozilla Foundation Security Advisory describes this fla... • https://bugzilla.mozilla.org/show_bug.cgi?id=1903041 •

CVE-2024-3852 – Mozilla: GetBoundName in the JIT returned the wrong object
https://notcve.org/view.php?id=CVE-2024-3852
16 Apr 2024 — This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. ... Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. ... Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking. • https://bugzilla.mozilla.org/show_bug.cgi?id=1883542 • CWE-386: Symbolic Name not Mapping to Correct Object CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2023-28162 – Mozilla: Invalid downcast in Worklets
https://notcve.org/view.php?id=CVE-2023-28162
16 Mar 2023 — While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. ... This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. The Mozilla Foundation Security Advisory describes this flaw as: While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. ... Multiple security issues were discovered in Firefox. ... Lukas Bernhard discovered that Firef... • https://bugzilla.mozilla.org/show_bug.cgi?id=1811327 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •