Page 107 of 2526 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html https://bugzilla.mozilla.org/show_bug.cgi?id=1644954 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozilla.org/security/advisories/mfsa2020-33 • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28. Una página web fraudulenta podría anular el WKUserScript inyectado usado por la funcionalidad download; esta explotación podría resultar en que el usuario descargue un archivo no deseado. Esta vulnerabilidad afecta a Firefox para iOS versiones anteriores a 28 • https://bugzilla.mozilla.org/show_bug.cgi?id=1653827 https://www.mozilla.org/security/advisories/mfsa2020-34 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28. Una página web fraudulenta podría anular el WKUserScript inyectado usado por el autocompletado de inicios de sesión, esta explotación podría resultar en el filtrado de una contraseña para el dominio actual. Esta vulnerabilidad afecta a Firefox para iOS versiones anteriores a 28 • https://bugzilla.mozilla.org/show_bug.cgi?id=1654131 https://www.mozilla.org/security/advisories/mfsa2020-34 • CWE-522: Insufficiently Protected Credentials •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Una petición HTTP redireccionada que es observada o modificada por medio de una extensión web podría omitir las comprobaciones de CORS existentes, conllevando a una potencial divulgación de información de origen cruzado. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.1, Firefox versiones anteriores a 79 y Thunderbird versiones anteriores a 78.1 • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html https://bugzilla.mozilla.org/show_bug.cgi?id=1645204 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozilla.org/security/advisories/mfsa2020-33 •

CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Las optimizaciones JIT que involucran el objeto de argumentos de Javascript podrían confundir optimizaciones posteriores. Este riesgo ya fue mitigado por varias precauciones en el código, resultando en este error calificado con una severidad moderada. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html https://bugzilla.mozilla.org/show_bug.cgi?id=1647293 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozilla.org/security/advisories/mfsa2020-33 https://access.redhat.com/security/cve/CVE-2020-15656 https://bugzilla.redhat.com/show_bug.cgi?id=1861646 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •