{"vulnerability": "cve-2023-2954", "sightings": [{"uuid": "2f7e8370-f354-4cdb-a481-e1eaca4d8772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29541", "type": "seen", "source": "https://t.me/cibsecurity/64942", "content": "\u203c CVE-2023-29541 \u203c\n\nFirefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-02T20:42:38.000000Z"}, {"uuid": "b77af5ac-2818-4715-8f70-cfaacf9881bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29547", "type": "seen", "source": "https://t.me/cibsecurity/64943", "content": "\u203c CVE-2023-29547 \u203c\n\nWhen a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-03T14:41:44.000000Z"}, {"uuid": "1766e621-bc6c-4b8f-b82f-8069a22425fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29544", "type": "seen", "source": "https://t.me/cibsecurity/64930", "content": "\u203c CVE-2023-29544 \u203c\n\nIf multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-02T20:42:23.000000Z"}, {"uuid": "f2f45129-09d9-434e-8f55-84cafb29609b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29540", "type": "seen", "source": "https://t.me/cibsecurity/64941", "content": "\u203c CVE-2023-29540 \u203c\n\nUsing a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-02T20:42:37.000000Z"}, {"uuid": "c01dc5ff-2173-44bf-838c-712323ce797f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29549", "type": "seen", "source": "https://t.me/cibsecurity/64932", "content": "\u203c CVE-2023-29549 \u203c\n\nUnder certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-02T20:42:25.000000Z"}, {"uuid": "e7f74283-b6f0-497d-b368-a33a93d109f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2954", "type": "seen", "source": "https://t.me/cibsecurity/64757", "content": "\u203c CVE-2023-2954 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-29T12:35:57.000000Z"}]}