Page 102 of 1490 results (0.007 seconds)

CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0

When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80. Cuando se escribe una contraseña bajo determinadas condiciones, es posible que se haya producido una carrera en la que InputContext no estaba siendo ajustado correctamente para el campo de entrada, resultando en que la contraseña escrita se guardada en el diccionario del teclado.&#xa0;Esta vulnerabilidad afecta a Firefox para Android versiones anteriores a 80 • https://bugzilla.mozilla.org/show_bug.cgi?id=1653862 https://www.mozilla.org/security/advisories/mfsa2020-39 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81. Los desarrolladores de Mozilla reportaron unos bugs de seguridad de la memoria presentes en Firefox versión 80. Algunos de estos bugs han mostrado evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1656063%2C1656064%2C1656067%2C1660293 https://www.mozilla.org/security/advisories/mfsa2020-42 • CWE-667: Improper Locking CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. Cuando se procesan superficies, la vida útil puede durar más tiempo ante un búfer persistente conllevando a una corrupción de la memoria y un bloqueo potencialmente explotable.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 81 • https://bugzilla.mozilla.org/show_bug.cgi?id=1654211 https://www.mozilla.org/security/advisories/mfsa2020-42 • CWE-416: Use After Free •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. Cuando se lleva a cabo la multiplicación de puntos escalares EC, se usó el algoritmo de multiplicación de puntos wNAF;&#xa0;que filtró información parcial sobre el nonce usado durante la generación de firmas.&#xa0;Dado un rastro electromagnético de unas pocas generaciones de firmas, la clave privada podría haberse calculado. • https://bugzilla.mozilla.org/show_bug.cgi?id=1631583 https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html https://www.mozilla.org/security/advisories/mfsa2020-36 https://www.mozilla.org/security/advisories/mfsa2020-39 https://access.redhat.com/security/cve/CVE-2020-6829 https://bugzilla.redhat.com/show_bug.cgi?id=1826187 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Firefox a veces ejecutaba el manejador de carga para elementos SVG que el saneador DOM decidió eliminar, resultando en que el JavaScript sea ejecutado después de pegar los datos controlados por el atacante en un elemento satisfactorio.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 81, Thunderbird versiones anteriores a 78.3, y Firefox ESR versiones anteriores a 78.3 The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html https://bugzilla.mozilla.org/show_bug.cgi?id=1646140 https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html https://security.gentoo.org/glsa/202010-02 https://www.debian.org/security/2020/dsa-4770 https://www.mozilla.org/security/advisories/mfsa2020-42 https://www.mozilla.org/security/advisories/mfsa2020-43 https://www.mozil • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •