Page 107 of 1524 results (0.011 seconds)

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0

14 Dec 2016 — Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1. Se han reportado errores de seguridad de memoria en Firefox 50.0.2. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/94883 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

14 Dec 2016 — A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1. Se ha provocado un desbordamiento de búfer en SkiaGl cuando se trunca un GrGLBuffer durante la asignación. Las escrituras posteriores desbordarán el búfer, lo que resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/94883 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.1EPSS: 2%CPEs: 1EXPL: 1

14 Dec 2016 — Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. Uso de memoria previamente liberada al manipular el objeto "navigator" en WebVR. Nota: Actualmente, WebVR no está habilitado por defecto. • http://www.securityfocus.com/bid/94883 • CWE-416: Use After Free •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

14 Dec 2016 — Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1. El SDK de add-ons de Mozilla tenía un recurso accesible globalmente con una vulnerabilidad de inyección HTML. Si una vulnerabilidad adicional permite que este recurso se cargue como documento, podría permitir la adición de cont... • http://www.securityfocus.com/bid/94883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 85%CPEs: 26EXPL: 8

01 Dec 2016 — A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en SVG Animation. Se ha descubierto un exploit construido sobre esta vulnerabilidad "in the wild" que apunta a usuarios de Firefox y Tor Browser en Win... • https://packetstorm.news/files/id/140696 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

19 Nov 2016 — A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Un error de uso de memoria previamente liberada en nsINode::ReplaceOrInsertBefore durante operaciones DOM resultan en cierres inesperados potencialmente explotables. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus St... • http://www.securityfocus.com/bid/94337 • CWE-416: Use After Free •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

19 Nov 2016 — Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50. Content Security Policy, junto con la redirección HTTP a HTTPS, puede ser empleado por un servidor malicioso para verificar si un sitio conocido existe en el historial de navegación de un usuario. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Min... • http://www.securityfocus.com/bid/94337 • CWE-254: 7PK - Security Features •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

19 Nov 2016 — An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50. Un problema por el cual un menú desplegable "" puede emplearse para cubrir el contenido de la barra de direcciones, lo que resulta en potenciales ataques de suplantación. Este ataque requiere que los e10s estén habilitados para tener éxito. • http://www.securityfocus.com/bid/94337 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0

19 Nov 2016 — Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. Se han reportado errores de seguridad de memoria en Firefox 49. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/94337 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0

19 Nov 2016 — During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. Durante el análisis de URL, una URL maliciosamente manipulada podría provocar un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Rand... • http://www.securityfocus.com/bid/94337 • CWE-20: Improper Input Validation •