CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2024-0567 – Gnutls: rejects certificate chain with distributed trust
https://notcve.org/view.php?id=CVE-2024-0567
16 Jan 2024 — A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. Se encontró una vulnerabilidad en GnuTLS, donde una cabina (que usa gnuTLS) rechaza una cadena de certificados con confianza distribuida. Este problema ocurre al validar una cadena de certificados ... • http://www.openwall.com/lists/oss-security/2024/01/19/3 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 46%CPEs: 5EXPL: 0CVE-2023-7024 – Google Chromium WebRTC Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-7024
21 Dec 2023 — Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento de búfer de almacenamiento dinámico en WebRTC en Google Chrome anterior a 120.0.6099.129 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2023-6873 – Ubuntu Security Notice USN-6562-1
https://notcve.org/view.php?id=CVE-2023-6873
19 Dec 2023 — Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121. Errores de seguridad de la memoria presentes en Firefox 120. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855327%2C1862089%2C1862723 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6867 – Mozilla: Clickjacking permission prompts using the popup transition
https://notcve.org/view.php?id=CVE-2023-6867
19 Dec 2023 — The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. El timing en el que se hace clic en un botón que provoca la desaparición de una ventana emergente era aproximadamente de la misma duración que el retraso anti-clickj... • https://bugzilla.mozilla.org/show_bug.cgi?id=1863863 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6865 – Mozilla: Potential exposure of uninitialized data in <code>EncryptingOutputStream</code>
https://notcve.org/view.php?id=CVE-2023-6865
19 Dec 2023 — `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. `EncryptingOutputStream` era susceptible de exponer datos no inicializados. Sólo se puede abusar de este problema para escribir datos en un disco local, lo que puede tener implicaciones para el modo de navegación privada. • https://bugzilla.mozilla.org/show_bug.cgi?id=1864123 • CWE-908: Use of Uninitialized Resource •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2023-6864 – Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
https://notcve.org/view.php?id=CVE-2023-6864
19 Dec 2023 — Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Errores de seguridad de la memoria presentes en Firefox 120, Firefox ESR 115.5 y Thunderbird 115.5. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736385%2C1810805%2C1846328%2C1856090%2C1858033%2C1858509%2C1862089%2C1862777%2C1864015 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2023-6863 – Mozilla: Undefined behavior in <code>ShutdownObserver()</code>
https://notcve.org/view.php?id=CVE-2023-6863
19 Dec 2023 — The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. El `ShutdownObserver()` era susceptible a un comportamiento potencialmente indefinido debido a su dependencia de un tipo dinámico que carecía de un destructor virtual. Esta vulnerabilidad afecta a Firefox ESR <115.6, Thunderbird <115.6 y Firefox <121. The Mozilla Foun... • https://bugzilla.mozilla.org/show_bug.cgi?id=1868901 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 3%CPEs: 5EXPL: 0CVE-2023-6862 – Mozilla: Use-after-free in <code>nsDNSService</code>
https://notcve.org/view.php?id=CVE-2023-6862
19 Dec 2023 — A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. Se identificó un use after free en `nsDNSService::Init`. Este problema parece manifestarse raramente durante el inicio. • https://bugzilla.mozilla.org/show_bug.cgi?id=1868042 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2023-6861 – Mozilla: Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode
https://notcve.org/view.php?id=CVE-2023-6861
19 Dec 2023 — The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. El método `nsWindow::PickerOpen(void)` era susceptible a un desbordamiento de búfer de almacenamiento dinámico cuando se ejecutaba en modo headless. Esta vulnerabilidad afecta a Firefox ESR <115.6, Thunderbird <115.6 y Firefox <121. The Mozilla Foundation Security Advisory describes this flaw as: The ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1864118 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6860 – Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
https://notcve.org/view.php?id=CVE-2023-6860
19 Dec 2023 — The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. El "VideoBridge" permitía que cualquier proceso de contenido utilizara texturas producidas por decodificadores remotos. Se podría abusar de esto para escapar de la sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1854669 • CWE-20: Improper Input Validation •