diff --git a/2023/48xxx/CVE-2023-48124.json b/2023/48xxx/CVE-2023-48124.json index 8238cd806e8..c77e4d16221 100644 --- a/2023/48xxx/CVE-2023-48124.json +++ b/2023/48xxx/CVE-2023-48124.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48124", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48124", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Email and Address parameters in the Register New Account component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/" + }, + { + "refsource": "MISC", + "name": "https://patelvarshil.medium.com/cve-2023-48124-xss-vulnerability-in-an-e-commerce-platform-ad7d4ab77af4", + "url": "https://patelvarshil.medium.com/cve-2023-48124-xss-vulnerability-in-an-e-commerce-platform-ad7d4ab77af4" } ] } diff --git a/2023/49xxx/CVE-2023-49060.json b/2023/49xxx/CVE-2023-49060.json index acc7f76b822..1f51dd8a422 100644 --- a/2023/49xxx/CVE-2023-49060.json +++ b/2023/49xxx/CVE-2023-49060.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation through in ReaderMode" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox for iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861405", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861405" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-51/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-51/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Muneaki Nishimura" + } + ] } \ No newline at end of file diff --git a/2023/49xxx/CVE-2023-49061.json b/2023/49xxx/CVE-2023-49061.json index 3f58fdfb55f..930b8fbbdaf 100644 --- a/2023/49xxx/CVE-2023-49061.json +++ b/2023/49xxx/CVE-2023-49061.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTML injection in %READER-BYLINE% of ReaderMode" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox for iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861420", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861420" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-51/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-51/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Muneaki Nishimura" + } + ] } \ No newline at end of file diff --git a/2023/49xxx/CVE-2023-49074.json b/2023/49xxx/CVE-2023-49074.json new file mode 100644 index 00000000000..42d4f8682b9 --- /dev/null +++ b/2023/49xxx/CVE-2023-49074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-49074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6204.json b/2023/6xxx/CVE-2023-6204.json index 6ae83c62fc2..b08e284d329 100644 --- a/2023/6xxx/CVE-2023-6204.json +++ b/2023/6xxx/CVE-2023-6204.json @@ -1,18 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On some systems\u2014depending on the graphics settings and drivers\u2014it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bound memory access in WebGL2 blitFramebuffer" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1841050", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1841050" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-49/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-50/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-52/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "JSec of Hayyim Security" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6205.json b/2023/6xxx/CVE-2023-6205.json index 4caec663613..f64e73f9ea2 100644 --- a/2023/6xxx/CVE-2023-6205.json +++ b/2023/6xxx/CVE-2023-6205.json @@ -1,18 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in MessagePort::Entangled" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854076", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854076" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-49/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-50/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-52/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Yangkang of 360 ATA Team" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6206.json b/2023/6xxx/CVE-2023-6206.json index 7670ff5f886..2389c066f4b 100644 --- a/2023/6xxx/CVE-2023-6206.json +++ b/2023/6xxx/CVE-2023-6206.json @@ -1,18 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Clickjacking permission prompts using the fullscreen transition" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1857430", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1857430" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-49/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-50/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-52/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Hafiizh" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6207.json b/2023/6xxx/CVE-2023-6207.json index 168cbee9920..7f3b1ada570 100644 --- a/2023/6xxx/CVE-2023-6207.json +++ b/2023/6xxx/CVE-2023-6207.json @@ -1,18 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6207", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in ReadableByteStreamQueueEntry::Buffer" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861344", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1861344" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-49/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-50/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-52/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "M. Coolie" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6208.json b/2023/6xxx/CVE-2023-6208.json index c8c9030a879..6894467dcd1 100644 --- a/2023/6xxx/CVE-2023-6208.json +++ b/2023/6xxx/CVE-2023-6208.json @@ -1,18 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard.\n*This bug only affects Thunderbird on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Using Selection API would copy contents into X11 primary selection." + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855345", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855345" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-49/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-50/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-52/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "turistu" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6209.json b/2023/6xxx/CVE-2023-6209.json index b239f8578b1..7e6b0484a7f 100644 --- a/2023/6xxx/CVE-2023-6209.json +++ b/2023/6xxx/CVE-2023-6209.json @@ -1,18 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal \"/../\" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect parsing of relative URLs starting with \"///\"" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1858570", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1858570" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-49/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-50/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-52/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Rachmat Abdul Rokhim" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6210.json b/2023/6xxx/CVE-2023-6210.json index 60d6f502170..693cf8f9c1d 100644 --- a/2023/6xxx/CVE-2023-6210.json +++ b/2023/6xxx/CVE-2023-6210.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When an https: web page created a pop-up from a \"javascript:\" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Mixed-content resources not blocked in a javascript: pop-up" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1801501", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1801501" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-49/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "0xgodson" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6211.json b/2023/6xxx/CVE-2023-6211.json index d684a3f7d4f..ceb11372f20 100644 --- a/2023/6xxx/CVE-2023-6211.json +++ b/2023/6xxx/CVE-2023-6211.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6211", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Clickjacking to load insecure pages in HTTPS-only mode" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850200", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850200" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-49/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Muneaki Nishimura" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6212.json b/2023/6xxx/CVE-2023-6212.json index 461ecd7e50f..1ec37f6a372 100644 --- a/2023/6xxx/CVE-2023-6212.json +++ b/2023/6xxx/CVE-2023-6212.json @@ -1,18 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6212", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory safety bugs present in Firefox 119, Firefox 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5.0" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-49/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-50/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-50/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-52/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-52/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Mozilla Developers" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6213.json b/2023/6xxx/CVE-2023-6213.json index 73bad02e757..829f03f2a1f 100644 --- a/2023/6xxx/CVE-2023-6213.json +++ b/2023/6xxx/CVE-2023-6213.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6213", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "120" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1849265%2C1851118%2C1854911", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1849265%2C1851118%2C1854911" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-49/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Mozilla Developers" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6242.json b/2023/6xxx/CVE-2023-6242.json new file mode 100644 index 00000000000..112ada3367e --- /dev/null +++ b/2023/6xxx/CVE-2023-6242.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6242", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6243.json b/2023/6xxx/CVE-2023-6243.json new file mode 100644 index 00000000000..55bd2c03991 --- /dev/null +++ b/2023/6xxx/CVE-2023-6243.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6243", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6244.json b/2023/6xxx/CVE-2023-6244.json new file mode 100644 index 00000000000..f11b73bc280 --- /dev/null +++ b/2023/6xxx/CVE-2023-6244.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6244", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file