Page 107 of 1506 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-15652 – Mozilla: Potential leak of redirect targets when loading scripts in a worker

https://notcve.org/view.php?id=CVE-2020-15652

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Al observar el seguimiento de la pila de errores de JavaScript en los trabajadores web, fue posible filtrar el resultado de un redireccionamiento de origen cruzado. Esto se aplica solo al contenido que puede ser analizado como script. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html https://bugzilla.mozilla.org/show_bug.cgi?id=1634872 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-31 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozill • CWE-209: Generation of Error Message Containing Sensitive Information CWE-346: Origin Validation Error •

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2020-15659 – Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11

https://notcve.org/view.php?id=CVE-2020-15659

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 78 y Firefox ESR versión 78.0. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con un suficiente esfuerzo algunos de ellos podrían haberse explotado para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1550133%2C1633880%2C1643613%2C1644839%2C1645835%2C1646006%2C1646787%2C1649347%2C1650811%2C1651678 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-31 https • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12414

https://notcve.org/view.php?id=CVE-2020-12414

IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27. IndexedDB debe ser borrada cuando sale del modo de navegación privada y no es así, la API para WKWebViewConfiguration se estaba usando incorrectamente y requiere que la instancia privada de este objeto sea eliminada al abandonar el modo privado. Esta vulnerabilidad afecta a Firefox para iOS versiones anteriores a 27 • https://bugzilla.mozilla.org/show_bug.cgi?id=1646756 https://www.mozilla.org/security/advisories/mfsa2020-23 • CWE-459: Incomplete Cleanup •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12412

https://notcve.org/view.php?id=CVE-2020-12412

By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. Al navegar en una pestaña usando la API history, un atacante podría causar que la barra de direcciones muestre el dominio incorrecto (con el esquema https://, un número de puerto bloqueado como "1" y sin un ícono de bloqueo) mientras controla los contenidos de la página. Esta vulnerabilidad afecta a Firefox versiones anteriores a 70 • https://bugzilla.mozilla.org/show_bug.cgi?id=1528587 https://www.mozilla.org/security/advisories/mfsa2019-34 •

CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1

CVE-2020-12416

https://notcve.org/view.php?id=CVE-2020-12416

A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. Un VideoStreamEncoder puede haberse liberado en una condición de carrera con la función VideoBroadcaster::AddOrUpdateSink, resultando en un uso de la memoria previamente liberada, una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 78 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1639734 https://security.gentoo.org/glsa/202007-10 https://www.mozilla.org/security/advisories/mfsa2020-24 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •