ALT-PU-2023-7760-2

BDU:2023-08086

HIGH7.5

Уязвимость метода WebGL2RenderingContext.blitFramebuffer() интерфейса WebGL2 браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2023-11-23Modified: 2024-11-11

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

BDU:2023-08116

HIGH7.5

Уязвимость функции MessagePort::Entangled() браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие

Published: 2023-11-23Modified: 2024-11-11

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

BDU:2023-08321

MEDIUM6.5

Уязвимость браузера Mozilla Firefox, связанная с переадресацией URL на ненадежный сайт, позволяющая нарушителю проводить фишинг-атаки

Published: 2023-12-01Modified: 2025-03-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2023-6210

BDU:2023-08322

MEDIUM6.5

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неверным ограничением имени пути с символами "/.. /", позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2023-12-01Modified: 2024-11-11

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2023-6209

CVE-2023-6204

MEDIUM6.5

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Published: 2023-11-21Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

CVE-2023-6205

MEDIUM6.5

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Published: 2023-11-21Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2023-6209

MEDIUM6.5

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Published: 2023-11-21Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

CVE-2023-6210

MEDIUM6.5

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.

Published: 2023-11-21Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

Package update palemoon in branch sisyphus

Closed issues (8)

Уязвимость браузера Mozilla Firefox, связанная с переадресацией URL на ненадежный сайт, позволяющая нарушителю проводить фишинг-атаки

On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.