CVE-2024-9395

CVE-2024-9395

Título es
CVE-2024-9395

Mar, 01/10/2024 – 16:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-9395

Descripción en
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox

01/10/2024
01/10/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1906024

  • https://www.mozilla.org/security/advisories/mfsa2024-46/

    • Enviar en el boletín
    Off

    CVE-2024-9394

    CVE-2024-9394

    Título es
    CVE-2024-9394

    Mar, 01/10/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9394

    Descripción en
    An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox

    01/10/2024
    01/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1918874

  • https://www.mozilla.org/security/advisories/mfsa2024-46/

  • https://www.mozilla.org/security/advisories/mfsa2024-47/

  • https://www.mozilla.org/security/advisories/mfsa2024-48/

  • https://www.mozilla.org/security/advisories/mfsa2024-49/

  • https://www.mozilla.org/security/advisories/mfsa2024-50/

    • Enviar en el boletín
    Off

    CVE-2024-9403

    CVE-2024-9403

    Título es
    CVE-2024-9403

    Mar, 01/10/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9403

    Descripción en
    Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

    01/10/2024
    01/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1917807

  • https://www.mozilla.org/security/advisories/mfsa2024-46/

  • https://www.mozilla.org/security/advisories/mfsa2024-50/

    • Enviar en el boletín
    Off

    CVE-2024-9402

    CVE-2024-9402

    Título es
    CVE-2024-9402

    Mar, 01/10/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9402

    Descripción en
    Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

    01/10/2024
    01/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476

  • https://www.mozilla.org/security/advisories/mfsa2024-46/

  • https://www.mozilla.org/security/advisories/mfsa2024-47/

  • https://www.mozilla.org/security/advisories/mfsa2024-49/

  • https://www.mozilla.org/security/advisories/mfsa2024-50/

    • Enviar en el boletín
    Off

    CVE-2024-9401

    CVE-2024-9401

    Título es
    CVE-2024-9401

    Mar, 01/10/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9401

    Descripción en
    Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

    01/10/2024
    01/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1916476

  • https://www.mozilla.org/security/advisories/mfsa2024-46/

  • https://www.mozilla.org/security/advisories/mfsa2024-47/

  • https://www.mozilla.org/security/advisories/mfsa2024-48/

  • https://www.mozilla.org/security/advisories/mfsa2024-49/

  • https://www.mozilla.org/security/advisories/mfsa2024-50/

    • Enviar en el boletín
    Off

    CVE-2024-9400

    CVE-2024-9400

    Título es
    CVE-2024-9400

    Mar, 01/10/2024 – 16:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-9400

    Descripción en
    A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox

    01/10/2024
    01/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1915249

  • https://www.mozilla.org/security/advisories/mfsa2024-46/

  • https://www.mozilla.org/security/advisories/mfsa2024-47/

  • https://www.mozilla.org/security/advisories/mfsa2024-49/

  • https://www.mozilla.org/security/advisories/mfsa2024-50/

    • Enviar en el boletín
    Off

    CVE-2024-46263

    CVE-2024-46263

    Título es
    CVE-2024-46263

    Mar, 01/10/2024 – 14:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46263

    Descripción en
    cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h.

    01/10/2024
    01/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/stkof-w1-cp_dynamic-cute_png-601c71

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/stkof-w1-cp_dynamic-cute_png-601c71/poc

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/stkof-w1-cp_dynamic-cute_png-601c71/poc/sample15.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/stkof-w1-cp_dynamic-cute_png-601c71/vulDescription.assets/image-20240527235936692.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/stkof-w1-cp_dynamic-cute_png-601c71/vulDescription.md

    • Enviar en el boletín
    Off

    CVE-2024-46261

    CVE-2024-46261

    Título es
    CVE-2024-46261

    Mar, 01/10/2024 – 14:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46261

    Descripción en
    cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h.

    01/10/2024
    01/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_make32-cute_png-948c10

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_make32-cute_png-948c10/poc

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_make32-cute_png-948c10/poc/sample4.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_make32-cute_png-948c10/vulDescription.assets/image-20240527232015967.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_make32-cute_png-948c10/vulDescription.md

    • Enviar en el boletín
    Off

    CVE-2024-46259

    CVE-2024-46259

    Título es
    CVE-2024-46259

    Mar, 01/10/2024 – 14:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46259

    Descripción en
    cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h.

    01/10/2024
    01/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_unfilter-cute_png-1019c11

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_unfilter-cute_png-1019c11/poc

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_unfilter-cute_png-1019c11/poc/sample6.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_unfilter-cute_png-1019c11/vulDescription.assets/image-20240527232602298.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_unfilter-cute_png-1019c11/vulDescription.md

    • Enviar en el boletín
    Off

    CVE-2024-46258

    CVE-2024-46258

    Título es
    CVE-2024-46258

    Mar, 01/10/2024 – 14:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46258

    Descripción en
    cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h.

    01/10/2024
    01/10/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_load_png_mem-cute_png-1105c15

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_load_png_mem-cute_png-1105c15/poc

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_load_png_mem-cute_png-1105c15/poc/sample2.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_load_png_mem-cute_png-1105c15/vulDescription.assets/image-20240527231514578.png

  • https://github.com/Helson-S/FuzzyTesting/blob/master/cute_headers/cute_png/heapof-r1-cp_load_png_mem-cute_png-1105c15/vulDescription.md

    • Enviar en el boletín
    Off