Page 10 of 1208 results (0.015 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Errores de seguridad de la memoria presentes en Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14 y Thunderbird 115.1. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1843968%2C1845205%2C1846080%2C1846526%2C1847529 https://www.mozilla.org/security/advisories/mfsa2023-34 https://www.mozilla.org/security/advisories/mfsa2023-35 https://www.mozilla.org/security/advisories/mfsa2023-36 https://www.mozilla.org/security/advisories/mfsa2023-37 https://www.mozilla.org/security/advisories/mfsa2023-38 https://access.redhat.com/security/cve/CVE-2023-4584 https://bugzilla.redhat.com/show_bug.cgi?id=2236084 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Cuando `UpdateRegExpStatics` intentó acceder a `initialStringHeap`, es posible que ya se haya recolectado basura antes de ingresar a la función, lo que podría haber provocado un bloqueo explotable. Esta vulnerabilidad afecta a Firefox &lt; 117, Firefox ESR &lt; 115.2 y Thunderbird &lt; 115.2. The Mozilla Foundation Security Advisory describes this flaw as: When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1847397 https://www.mozilla.org/security/advisories/mfsa2023-34 https://www.mozilla.org/security/advisories/mfsa2023-36 https://www.mozilla.org/security/advisories/mfsa2023-38 https://access.redhat.com/security/cve/CVE-2023-4577 https://bugzilla.redhat.com/show_bug.cgi?id=2236075 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Errores de seguridad de la memoria presentes en Firefox 116, Firefox ESR 115.1 y Thunderbird 115.1. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1751583%2C1841082%2C1847904%2C1848999 https://www.mozilla.org/security/advisories/mfsa2023-34 https://www.mozilla.org/security/advisories/mfsa2023-36 https://www.mozilla.org/security/advisories/mfsa2023-38 https://access.redhat.com/security/cve/CVE-2023-4585 https://bugzilla.redhat.com/show_bug.cgi?id=2236086 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Al llamar a `JS::CheckRegExpSyntax`, se podría haber establecido un error de sintaxis que terminaría llamando a `convertToRuntimeErrorAndClear`. Una ruta en la función podría intentar asignar memoria cuando no hay ninguna disponible, lo que habría provocado que una excepción de Falta de Memoria recién creada se manejara incorrectamente como un Error de Sintaxis. • https://bugzilla.mozilla.org/show_bug.cgi?id=1839007 https://www.mozilla.org/security/advisories/mfsa2023-34 https://www.mozilla.org/security/advisories/mfsa2023-36 https://www.mozilla.org/security/advisories/mfsa2023-38 https://access.redhat.com/security/cve/CVE-2023-4578 https://bugzilla.redhat.com/show_bug.cgi?id=2236077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Al comprobar si el contexto de navegación se había descartado en `HttpBaseChannel`, si el grupo de carga no estaba disponible, se suponía que ya se había descartado, lo que no siempre era el caso para los canales privados después de que finalizaba la sesión privada. Esta vulnerabilidad afecta a Firefox &lt; 117, Firefox ESR &lt; 115.2 y Thunderbird &lt; 115.2. The Mozilla Foundation Security Advisory describes this flaw as: When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. • https://bugzilla.mozilla.org/show_bug.cgi?id=1842030 https://www.mozilla.org/security/advisories/mfsa2023-34 https://www.mozilla.org/security/advisories/mfsa2023-36 https://www.mozilla.org/security/advisories/mfsa2023-38 https://access.redhat.com/security/cve/CVE-2023-4583 https://bugzilla.redhat.com/show_bug.cgi?id=2236082 • CWE-179: Incorrect Behavior Order: Early Validation CWE-754: Improper Check for Unusual or Exceptional Conditions •