Page 106 of 543 results (0.010 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-15653 – Mozilla: Bypassing iframe sandbox when allowing popups

https://notcve.org/view.php?id=CVE-2020-15653

An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Un elemento del sandbox de iframe con el flag allow-popups podría ser omitida cuando se usan enlaces noopener. Esto podría haber conllevado a problemas de seguridad para los sitios web que dependen de configuraciones de sandbox que permitían ventanas emergentes y alojaban contenido arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html https://bugzilla.mozilla.org/show_bug.cgi?id=1521542 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozilla.org/security/advisories/mfsa2020-33 https://access.redhat.com/security/cve/CVE-2020-15653 https://bugzilla.redhat.com/show_bug.cgi?id=1861645 • CWE-276: Incorrect Default Permissions •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-15652 – Mozilla: Potential leak of redirect targets when loading scripts in a worker

https://notcve.org/view.php?id=CVE-2020-15652

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Al observar el seguimiento de la pila de errores de JavaScript en los trabajadores web, fue posible filtrar el resultado de un redireccionamiento de origen cruzado. Esto se aplica solo al contenido que puede ser analizado como script. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html https://bugzilla.mozilla.org/show_bug.cgi?id=1634872 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-31 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozill • CWE-209: Generation of Error Message Containing Sensitive Information CWE-346: Origin Validation Error •

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2020-15659 – Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11

https://notcve.org/view.php?id=CVE-2020-15659

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 78 y Firefox ESR versión 78.0. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con un suficiente esfuerzo algunos de ellos podrían haberse explotado para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1550133%2C1633880%2C1643613%2C1644839%2C1645835%2C1646006%2C1646787%2C1649347%2C1650811%2C1651678 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-31 https • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 97%CPEs: 51EXPL: 2

CVE-2007-0981 – Mozilla Firefox 2.0.0.1 - 'location.hostname' Cross-Domain

https://notcve.org/view.php?id=CVE-2007-0981

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. Una vulnerabilidad en los navegadores basados ??en Mozilla, incluidos Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, y SeaMonkey anterior a versión 1.0.8, permiten a los atacantes remotos omitir la políticas de mismo origen, robar cookies y conducir otros ataques escribiendo un URI con un byte NULL a la propiedad DOM del host (location.hostname), debido a las interacciones con el código de resolución DNS. • https://www.exploit-db.com/exploits/3340 ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lcamtuf.dione.cc/ffhostname.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://rhn.redhat.com/errat • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 46%CPEs: 30EXPL: 0

CVE-2006-5159

https://notcve.org/view.php?id=CVE-2006-5159

Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources" ** IMPUGNADA ** Desbordamiento de búfer basado en pila en Mozilla Firefox permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados implicando JavaScript. NOTA: el vendedor e investigadores originales han liberado un comentario de continuación impugnando la severidad de este asunto, en el cual el investigador afirma que "hemos mencionado que hubo una vulnerabilidad en Firefox previamente conocida que podría provocar un desbordamiento de pila permitiendo ejecución remota de código. • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon http://securityreason.com/securityalert/1678 http://securitytracker.com/id?1016962 http://www.securityfocus.com/archive/1/447493/100/0/threaded http://www.securityfocus.com/archive/1/447497/100/0/threaded http://www.securityfocus.com/bid/20282 http://www.securityfocus.com/bid/20294 http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html https:// •