Assign CVEs
tomrittervg committed Feb 15, 2024
1 parent 578b68f commit 9152282
Showing 2 changed files with 20 additions and 20 deletions.
24 changes: 12 additions & 12 deletions announce/2024/mfsa2024-05.yml
Expand Up @@ -5,87 +5,87 @@ fixed_in:
- Firefox 123
title: Security Vulnerabilities fixed in Firefox 123
advisories:
MFSA-RESERVE-2024-1843752:
CVE-2024-1546:
title: Out-of-bounds memory read in networking channels
impact: high
reporter: Alfred Peters
description: |
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read.
bugs:
- url: 1843752
MFSA-RESERVE-2024-1877879:
CVE-2024-1547:
title: Alert dialog could have been spoofed on another site
impact: high
reporter: Irvan Kurniawan
description: |
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
bugs:
- url: 1877879
MFSA-RESERVE-2024-1816390:
CVE-2024-1554:
title: fetch could be used to effect cache poisoning
impact: moderate
reporter: scarlet
description: |
The <code>fetch()</code> API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers <code>fetch()</code> may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a <code>fetch()</code> response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response.
bugs:
- url: 1816390
MFSA-RESERVE-2024-1832627:
CVE-2024-1548:
title: Fullscreen Notification could have been hidden by select element
impact: moderate
reporter: Hafiizh
description: |
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks.
bugs:
- url: 1832627
MFSA-RESERVE-2024-1833814:
CVE-2024-1549:
title: Custom cursor could obscure the permission dialog
impact: moderate
reporter: Hafiizh
description: |
If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.
bugs:
- url: 1833814
MFSA-RESERVE-2024-1860065:
CVE-2024-1550:
title: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
impact: moderate
reporter: Hafiizh
description: |
A malicious website could have used a combination of exiting fullscreen mode and <code>requestPointerLock</code> to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
bugs:
- url: 1860065
MFSA-RESERVE-2024-1864385:
CVE-2024-1551:
title: Multipart HTTP Responses would accept the Set-Cookie header in response parts
impact: moderate
reporter: Johan Carlsson
description: |
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser.
bugs:
- url: 1864385
MFSA-RESERVE-2024-1873223:
CVE-2024-1555:
title: SameSite cookies were not properly respected when opening a website from an external browser
impact: moderate
reporter: Narendra Bhati
description: |
When opening a website using the <code>firefox://</code> protocol handler, SameSite cookies were not properly respected.
bugs:
- url: 1873223
MFSA-RESERVE-2024-1870414:
CVE-2024-1556:
title: Invalid memory access in the built-in profiler
impact: low
reporter: Ronald Crane
description: |
The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. <i>Note:</i> This issue only affects the application when the profiler is running.
bugs:
- url: 1870414
MFSA-RESERVE-2024-1874502:
CVE-2024-1552:
title: Incorrect code generation on 32-bit ARM devices
impact: low
reporter: Gary Kwong
description: |
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.<i>Note:</i> This issue only affects 32-bit ARM devices.
bugs:
- url: 1874502
MFSA-RESERVE-2024-2:
CVE-2024-1553:
title: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
impact: high
reporter: Andrew McCreight, Randell Jesup, Gabriele Svelto, Paul Bone, and the Mozilla Fuzzing Team
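Review bot: In the CVE-2024-1552 description, "undefined behavior.<i>Note:</i>" has no space between the sentence and the <i> tag, while the CVE-2024-1556 entry just above it does ("undefined behavior. <i>Note:</i>"); since this hunk already touches that entry, add the space here. Separately, the new keys are not in ascending order (CVE-2024-1554 sits between CVE-2024-1547 and CVE-2024-1548, and CVE-2024-1555 and CVE-2024-1556 come before CVE-2024-1552). That is fine if entries are ordered by impact rather than by ID, but it is worth confirming that bugs 1816390, 1873223 and 1870414 received the IDs intended for them.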
Expand All @@ -94,7 +94,7 @@ advisories:
bugs:
- url: 1855686, 1867982, 1871498, 1872296, 1873521, 1873577, 1873597, 1873866, 1874080, 1874740, 1875795, 1875906, 1876425, 1878211, 1878286
desc: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
MFSA-RESERVE-2024-4:
CVE-2024-1557:
title: Memory safety bugs fixed in Firefox 123
impact: high
reporter: Andrew McCreight, Randell Jesup, and the Mozilla Fuzzing Team
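Review bot: The desc line under the CVE-2024-1553 rollup names Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8, but this commit changes only two files, mfsa2024-05.yml and mfsa2024-06.yml. If a Thunderbird 115.8 advisory still carries MFSA-RESERVE keys for these bugs, it needs the same CVE-2024-1553 (and the other shared IDs) so that the three advisories do not diverge.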
16 changes: 8 additions & 8 deletions announce/2024/mfsa2024-06.yml
Expand Up @@ -5,63 +5,63 @@ fixed_in:
- Firefox ESR 115.8
title: Security Vulnerabilities fixed in Firefox ESR 115.8
advisories:
MFSA-RESERVE-2024-1843752:
CVE-2024-1546:
title: Out-of-bounds memory read in networking channels
impact: high
reporter: Alfred Peters
description: |
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read.
bugs:
- url: 1843752
MFSA-RESERVE-2024-1877879:
CVE-2024-1547:
title: Alert dialog could have been spoofed on another site
impact: high
reporter: Irvan Kurniawan
description: |
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
bugs:
- url: 1877879
MFSA-RESERVE-2024-1832627:
CVE-2024-1548:
title: Fullscreen Notification could have been hidden by select element
impact: moderate
reporter: Hafiizh
description: |
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks.
bugs:
- url: 1832627
MFSA-RESERVE-2024-1833814:
CVE-2024-1549:
title: Custom cursor could obscure the permission dialog
impact: moderate
reporter: Hafiizh
description: |
If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.
bugs:
- url: 1833814
MFSA-RESERVE-2024-1860065:
CVE-2024-1550:
title: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
impact: moderate
reporter: Hafiizh
description: |
A malicious website could have used a combination of exiting fullscreen mode and <code>requestPointerLock</code> to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
bugs:
- url: 1860065
MFSA-RESERVE-2024-1864385:
CVE-2024-1551:
title: Multipart HTTP Responses would accept the Set-Cookie header in response parts
impact: moderate
reporter: Johan Carlsson
description: |
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser.
bugs:
- url: 1864385
MFSA-RESERVE-2024-1874502:
CVE-2024-1552:
title: Incorrect code generation on 32-bit ARM devices
impact: low
reporter: Gary Kwong
description: |
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.<i>Note:</i> This issue only affects 32-bit ARM devices.
bugs:
- url: 1874502
MFSA-RESERVE-2024-2:
CVE-2024-1553:
title: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
impact: high
reporter: Andrew McCreight, Randell Jesup, Gabriele Svelto, Paul Bone, and the Mozilla Fuzzing Team
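Review bot: Nothing ties the eight IDs in this file to the ones in mfsa2024-05.yml except the bug number under url, so the pairing is maintained by hand across files. The visible entries agree (1843752 is CVE-2024-1546 in both files, 1874502 is CVE-2024-1552 in both, and the shared rollup is CVE-2024-1553 in both), but a lint step that fails when one bug number appears under different advisory keys in two files would catch a slip in future assignments. The CVE-2024-1552 description here has the same missing space before <i>Note:</i> as in mfsa2024-05.yml.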