admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-02 17:00:56 +00:00
parent 054ec5a93f
commit 6f2dab0d86
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 293 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2023/28xxx/CVE-2023-28159.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28159",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "111",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fullscreen Notification could have been hidden by download popups on Android"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2023-09/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1783561",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1783561"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111."
}
]
}

56
2023/28xxx/CVE-2023-28161.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28161",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "111",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "One-time permissions granted to a local file were extended to other local files loaded in the same tab"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2023-09/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811181",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811181"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If temporary \"one-time\" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111."
}
]
}

2
2023/28xxx/CVE-2023-28176.json
View File

@ -93,7 +93,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9."
"value": "Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9."
}
]
}

2
2023/28xxx/CVE-2023-28177.json
View File

@ -61,7 +61,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111."
"value": "Mozilla developers and community members Calixte Denizet, Gabriele Svelto, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111."
}
]
}

110
2023/29xxx/CVE-2023-29539.json
View File

@ -4,14 +4,118 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "112",
"version_affected": "<"
}
]
}
},
{
"product_name": "Focus for Android",
"version": {
"version_data": [
{
"version_value": "112",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "102.10",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox for Android",
"version": {
"version_data": [
{
"version_value": "112",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "102.10",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Content-Disposition filename truncation leads to Reflected File Download"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2023-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2023-14/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2023-13/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1784348",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1784348"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."
}
]
}

78
2023/29xxx/CVE-2023-29540.json
View File

@ -4,14 +4,86 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox for Android",
"version": {
"version_data": [
{
"version_value": "112",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "112",
"version_affected": "<"
}
]
}
},
{
"product_name": "Focus for Android",
"version": {
"version_data": [
{
"version_value": "112",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Iframe sandbox bypass using redirects and sourceMappingUrls"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2023-13/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790542",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790542"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
}
]
}

2
2023/29xxx/CVE-2023-29550.json
View File

@ -115,7 +115,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."
"value": "Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."
}
]
}

2
2023/29xxx/CVE-2023-29551.json
View File

@ -83,7 +83,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
"value": "Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112."
}
]
}

2
2023/32xxx/CVE-2023-32215.json
View File

@ -93,7 +93,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
"value": "Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
}
]
}