Page 101 of 1079 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. Bajo ciertas circunstancias, la API "fetch()" puede devolver copias locales transitorias de recursos que se enviaron con una cabecera de caché "no-store" o "no-cache" en lugar de descargar una copia de la red, que es lo recomendado. Esto puede dar lugar a que los usuarios puedan acceder a los datos almacenados previamente y almacenados en la caché local de un sitio web si comparten un perfil común durante la navegación. • http://www.securityfocus.com/bid/103388 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://bugzilla.mozilla.org/show_bug.cgi?id=1440775 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3596-1 https://www.debian.org/security/2018/dsa-4139 https://www.mozilla.org/security/advisories/mfsa2018-06&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. Cuando se envían paquetes con un tipo de carga útil RTP no coincidente en conexiones WebRTC, en algunas circunstancias, se desencadena un fallo potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.7 de Firefox ESR y las versiones anteriores a la 59 de Firefox. • http://www.securityfocus.com/bid/103388 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://bugzilla.mozilla.org/show_bug.cgi?id=1433005 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3596-1 https://www.debian.org/security/2018/dsa-4139 https://www.mozilla.org/security/advisories/mfsa2018-06&# • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Se puede producir un desbordamiento de búfer cuando se manipula el SVG "animatedPathSegList" mediante un script. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/103388 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://bugzilla.mozilla.org/show_bug.cgi?id=1430557 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante el manejo de eventos de ratón debido a problemas con el soporte multiproceso. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102783 http://www.securitytracker.com/id/1040270 https://access.redhat.com/errata/RHSA-2018:0122 https://access.redhat.com/errata/RHSA-2018:0262 https://bugzilla.mozilla.org/show_bug.cgi?id=1423159 https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html https://usn.ubuntu.com/3544-1 https://www.debian.org/security/2018/dsa-4096 https://www.debian.org/securi • CWE-416: Use After Free •

CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Si se utiliza texto de derecha a izquierda en la barra de direcciones con alineación de izquierda a derecha, en algunas circunstancias es posible desplazar este texto para falsificar la URL mostrada. Este problema puede provocar que se muestre una URL incorrecta como ubicación, lo que puede inducir a los usuarios a error al creer que se encuentran en un sitio diferente al que se ha cargado. • http://www.securityfocus.com/bid/102783 http://www.securitytracker.com/id/1040270 https://access.redhat.com/errata/RHSA-2018:0122 https://access.redhat.com/errata/RHSA-2018:0262 https://bugzilla.mozilla.org/show_bug.cgi?id=1395508 https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html https://usn.ubuntu.com/3544-1 https://www.debian.org/security/2018/dsa-4096 https://www.debian.org/securi • CWE-451: User Interface (UI) Misrepresentation of Critical Information •