ROS-20230908-07

2023-09-08 00:00:00
redos.red-soft.ru
15
firefox
esr
thunderbird
vulnerability
remote attack
arbitrary code
denial of service
memory error
exploit

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 52.7%

A vulnerability in the Firefox and Firefox ESR browsers is related to a bug in the calculation of the pop-up notification delay.
Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into
granting permissions.

A full-screen notification vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client
is related to insufficient warning of dangerous actions. Exploitation of the vulnerability could
allow a remote attacker to perform a spoofing attack.

A vulnerability in the Firefox and Firefox ESR browsers is related to the use of memory after it has been freed (use-after-free).
Exploitation of the vulnerability allows a remote attacker to execute arbitrary code.

An OffscreenCanvas vulnerability in the Firefox and Firefox ESR browsers is related to the use of an untrusted
cross-domain policy file. Exploitation of the vulnerability allows an attacker acting remotely
to execute arbitrary code.

A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to
state management errors that occur when the number of cookies in document.cookie is exceeded. Exploitation of the
vulnerability could allow a remote attacker to affect the integrity of protected
information.

A vulnerability in the Firefox and Firefox ESR browsers is related to the application not properly controlling the
consumption of internal resources when parsing HTML with DOMParser. Exploitation of the vulnerability could
allow an attacker acting remotely to cause resource exhaustion and perform a
denial-of-service (DoS) attack.

A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to writing
data outside the bounds of a buffer in memory. Exploitation of the vulnerability could allow an attacker acting
remotely to execute arbitrary code.

A vulnerability in the Firefox and Firefox ESR browsers is related to an untrusted input stream that was copied to a
stack buffer without checking its size. Exploitation of the vulnerability allows an attacker acting
remotely to cause a potentially exploitable crash that leads to an escape from the isolated environment (sandbox).

A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client on
Windows operating systems is related to insufficient warning about dangerous actions when processing files with the
appref-ms extension. Exploitation of the vulnerability could allow a remote attacker to execute
arbitrary code.

A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to
the use of freed memory in cross-compartment wrappers. Exploitation of the vulnerability could
allow an attacker acting remotely to execute arbitrary code or cause a
denial of service.

A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to the lack of a
warning when opening Diagcab files. Exploitation of the vulnerability could allow an attacker to perform
a spoofing attack.

A vulnerability in the WebRTC technology of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client
is related to a use-after-free memory error. Exploitation of the vulnerability could allow
an attacker acting remotely to execute arbitrary code or cause a denial of service.

A vulnerability in the WASM JIT component of the Firefox and Firefox ESR browsers is related to incorrect cleanup or
release of resources. Exploitation of the vulnerability could allow an attacker acting remotely
to cause a denial of service.

Affected packages:

OS      Version  Architecture  Package  Version        Filename
redos   7.3      x86_64        firefox  <= 102.14.0-1  UNKNOWN
