‼ CVE-2023-4577 ‼
📖 Read
via "National Vulnerability Database".
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4104 ‼
📖 Read
via "National Vulnerability Database".
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.*This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4576 ‼
📖 Read
via "National Vulnerability Database".
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4575 ‼
📖 Read
via "National Vulnerability Database".
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40039 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4583 ‼
📖 Read
via "National Vulnerability Database".
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35845 ‼
📖 Read
via "National Vulnerability Database".
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4573 ‼
📖 Read
via "National Vulnerability Database".
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4578 ‼
📖 Read
via "National Vulnerability Database".
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4580 ‼
📖 Read
via "National Vulnerability Database".
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4579 ‼
📖 Read
via "National Vulnerability Database".
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40040 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42470 ‼
📖 Read
via "National Vulnerability Database".
The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4581 ‼
📖 Read
via "National Vulnerability Database".
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4585 ‼
📖 Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4816 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4582 ‼
📖 Read
via "National Vulnerability Database".
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-42471 ‼
📖 Read
via "National Vulnerability Database".
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4574 ‼
📖 Read
via "National Vulnerability Database".
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4584 ‼
📖 Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36161 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication.📖 Read
via "National Vulnerability Database".