![]() This vulnerability affects Firefox *This bug only affects Thunderbird for Linux. This vulnerability affects Firefox *Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR *Note: This issue only affected Mac OS operating systems. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. This vulnerability affects Firefox tData. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox console.log weren't accounting for external URLs. This vulnerability affects Firefox Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This vulnerability affects Firefox requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This also had the potential to leak NTLM credentials to the resource.*This bug only affects Firefox on Windows. url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This vulnerability affects Firefox nsTextNode to SVGElement could have lead to undefined behavior. ![]() This vulnerability affects Firefox DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.*This bug only affects Firefox on Windows. This vulnerability affects Firefox ScriptLoadContext. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox *This bug only affects Firefox on Windows. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox window.open, fullscreen requests, window.name assignments, and setInterval calls. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. *This bug only affects Firefox for Linux on certain Distributions. desktop, which can be interpreted to run attacker-controlled commands. This vulnerability affects Firefox datalist element to obscure the address bar. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |