ALT-PU-2023-7363-2

BDU:2023-07276

MEDIUM6.5

Уязвимость браузера Firefox, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2023-10-30Modified: 2025-03-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

BDU:2023-07277

MEDIUM6.3

Уязвимость браузера Firefox, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код

Published: 2023-10-30Modified: 2025-03-21

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

BDU:2023-07278

HIGH7.4

Уязвимость реализации прикладного программного интерфейса для 3D-графики WebGL браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-10-30Modified: 2025-02-07

CVSS 3.xHIGH 7.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

BDU:2023-07282

MEDIUM6.1

Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с недостаточным предупреждением об опасных действиях, позволяющая нарушителю выполнить произвольный код

Published: 2023-10-30Modified: 2024-04-02

CVSS 3.xMEDIUM 6.1

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N

References

CVE-2023-5722

MEDIUM5.3

Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.

Published: 2023-10-25Modified: 2024-11-21

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

CVE-2023-5723

MEDIUM5.3

An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.

Published: 2023-10-25Modified: 2024-11-21

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

CVE-2023-5724

HIGH7.5

Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Published: 2023-10-25Modified: 2024-11-21

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2023-5727

MEDIUM6.5

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Published: 2023-10-25Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

Package update palemoon in branch sisyphus

Closed issues (8)

Уязвимость браузера Firefox, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код

Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.

An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.

Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.