Assign CVEs

mozilla · Jun 7, 2024 · af535d7 · af535d7
1 parent 2ef2f44
commit af535d7
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 24 deletions.
diff --git a/announce/2024/mfsa2024-18.yml b/announce/2024/mfsa2024-18.yml
@@ -15,7 +15,7 @@ advisories:
       GetBoundName could return the wrong version of an object when JIT optimizations were applied.
     bugs:
       - url: 1883542
-  MFSA-RESERVE-2024-1193389:
+  CVE-2024-5702:
     title: Use-after-free in networking
     impact: high
     reporter: Kershaw Chang

diff --git a/announce/2024/mfsa2024-25.yml b/announce/2024/mfsa2024-25.yml
@@ -5,47 +5,47 @@ fixed_in:
 - Firefox 127
 title: Security Vulnerabilities fixed in Firefox 127
 advisories:
-  MFSA-RESERVE-2024-1889066:
+  CVE-2024-5687:
     title: An incorrect principal could have been used when opening new tabs
     impact: high
     reporter: jackyzy823
     description: |
       If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the <code>Referer</code> and <code>Sec-*</code> headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites.<br>*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*
     bugs:
       - url: 1889066
-  MFSA-RESERVE-2024-1895086:
+  CVE-2024-5688:
     title: Use-after-free in JavaScript object transplant
     impact: high
     reporter: Lukas Bernhard
     description: |
       If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant.
     bugs:
       - url: 1895086
-  MFSA-RESERVE-2024-1389707:
+  CVE-2024-5689:
     title: User confusion and possible phishing vector via Firefox Screenshots
     impact: moderate
     reporter: Fabian Fäßler
     description: |
       In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing.
     bugs:
       - url: 1389707
-  MFSA-RESERVE-2024-1883693:
+  CVE-2024-5690:
     title: External protocol handlers leaked by timing attack
     impact: moderate
     reporter: Satoki Tsuji
     description: |
       By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system.
     bugs:
       - url: 1883693
-  MFSA-RESERVE-2024-1888695:
+  CVE-2024-5691:
     title: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
     impact: moderate
     reporter: Luan Herrera
     description: |
       By tricking the browser with a <code>X-Frame-Options</code> header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window.
     bugs:
       - url: 1888695
-  MFSA-RESERVE-2024-1891234:
+  CVE-2024-5692:
     title: Bypass of file name restrictions during saving
     impact: moderate
     reporter: Raphael Shaniyazov and Axel Chong (@Haxatron)
@@ -54,63 +54,63 @@ advisories:
     bugs:
       - url: 1891234
       - url: 1837514
-  MFSA-RESERVE-2024-1891319:
+  CVE-2024-5693:
     title: Cross-Origin Image leak via Offscreen Canvas
     impact: moderate
     reporter: Kirtikumar Anandrao Ramchandani
     description: |
       Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy.
     bugs:
       - url: 1891319
-  MFSA-RESERVE-2024-1895055:
+  CVE-2024-5694:
     title: Use-after-free in JavaScript Strings
     impact: moderate
     reporter: Lukas Bernhard
     description: |
       An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap.
     bugs:
       - url: 1895055
-  MFSA-RESERVE-2024-1895579:
+  CVE-2024-5695:
     title: Memory Corruption using allocation using out-of-memory conditions
     impact: moderate
     reporter: Irvan Kurniawan
     description: |
       If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred.
     bugs:
       - url: 1895579
-  MFSA-RESERVE-2024-1896555:
+  CVE-2024-5696:
     title: Memory Corruption in Text Fragments
     impact: moderate
     reporter: Irvan Kurniawan
     description: |
       By manipulating the text in an <code>&lt;input&gt;</code> tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash.
     bugs:
       - url: 1896555
-  MFSA-RESERVE-2024-1414937:
+  CVE-2024-5697:
     title: Website was able to detect when Firefox was taking a screenshot of them
     impact: low
     reporter: Wil Clouser
     description: |
       A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox.
     bugs:
       - url: 1414937
-  MFSA-RESERVE-2024-1828259:
+  CVE-2024-5698:
     title: Data-list could have overlaid address bar
     impact: low
     reporter: Hafiizh
     description: |
       By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks.
     bugs:
       - url: 1828259
-  MFSA-RESERVE-2024-1891349:
+  CVE-2024-5699:
     title: Cookie prefixes not treated as case-sensitive
     impact: low
     reporter: Konstantin Preißer
     description: |
       In violation of spec, cookie prefixes such as <code>__Secure</code> were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix.
     bugs:
       - url: 1891349
-  MFSA-RESERVE-2024-2:
+  CVE-2024-5700:
     title: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
     impact: high
     reporter: The Mozilla Fuzzing Team
@@ -119,7 +119,7 @@ advisories:
     bugs:
       - url: 1862809, 1889355, 1893388, 1895123
         desc: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
-  MFSA-RESERVE-2024-4:
+  CVE-2024-5701:
     title: Memory safety bugs fixed in Firefox 127
     impact: high
     reporter: Randell Jesup and the Mozilla Fuzzing Team

diff --git a/announce/2024/mfsa2024-26.yml b/announce/2024/mfsa2024-26.yml
@@ -5,63 +5,63 @@ fixed_in:
 - Firefox ESR 115.12
 title: Security Vulnerabilities fixed in Firefox ESR 115.12
 advisories:
-  MFSA-RESERVE-2024-1193389:
+  CVE-2024-5702:
     title: Use-after-free in networking
     impact: high
     reporter: Kershaw Chang
     description: |
       Memory corruption in the networking stack could have led to a potentially exploitable crash.
     bugs:
       - url: 1193389
-  MFSA-RESERVE-2024-1895086:
+  CVE-2024-5688:
     title: Use-after-free in JavaScript object transplant
     impact: high
     reporter: Lukas Bernhard
     description: |
       If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant.
     bugs:
       - url: 1895086
-  MFSA-RESERVE-2024-1883693:
+  CVE-2024-5690:
     title: External protocol handlers leaked by timing attack
     impact: moderate
     reporter: Satoki Tsuji
     description: |
       By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system.
     bugs:
       - url: 1883693
-  MFSA-RESERVE-2024-1888695:
+  CVE-2024-5691:
     title: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
     impact: moderate
     reporter: Luan Herrera
     description: |
       By tricking the browser with a <code>X-Frame-Options</code> header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window.
     bugs:
       - url: 1888695
-  MFSA-RESERVE-2024-1891234:
+  CVE-2024-5692:
     title: Bypass of file name restrictions during saving
     impact: moderate
     reporter: Raphael Shaniyazov
     description: |
       On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as <code>.url</code> by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected.
     bugs:
       - url: 1891234
-  MFSA-RESERVE-2024-1891319:
+  CVE-2024-5693:
     title: Cross-Origin Image leak via Offscreen Canvas
     impact: moderate
     reporter: Kirtikumar Anandrao Ramchandani
     description: |
       Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy.
     bugs:
       - url: 1891319
-  MFSA-RESERVE-2024-1896555:
+  CVE-2024-5696:
     title: Memory Corruption in Text Fragments
     impact: moderate
     reporter: Irvan Kurniawan
     description: |
       By manipulating the text in an <code>&lt;input&gt;</code> tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash.
     bugs:
       - url: 1896555
-  MFSA-RESERVE-2024-2:
+  CVE-2024-5700:
     title: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
     impact: high
     reporter: The Mozilla Fuzzing Team