Page 109 of 2292 results (0.009 seconds)

CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. Durante la generación de claves RSA, las implementaciones de bignum usaron una variación del Binary Extended Euclidean Algorithm que implicaba un flujo significativamente dependiente de la entrada. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1631597 https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 1

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Debido a una confusión acerca de ValueTags en objetos JavaScript, un objeto puede pasar a través de la barrera de tipo, resultando en una corrupción de la memoria y un bloqueo potencialmente explotable. *Nota: este problema solo afecta a Firefox en las plataformas ARM64. * Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.10, Firefox versiones anteriores a 78 y Thunderbird versiones anteriores a 68.10.0 The Mozilla Foundation Security Advisory describes this flaw as: Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1640737 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://usn.ubuntu.com/4421-1 https://www.mozilla. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-617: Reachable Assertion CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 0

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. La manipulación de partes individuales de un objeto URL podría haber causado una lectura fuera de límites, filtrando la memoria de proceso a un JavaScript malicioso. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.10, Firefox versiones anteriores a 78 y Thunderbird versiones anteriores a 68.10.0 The Mozilla Foundation Security Advisory describes this flaw as: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1641303 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://usn.ubuntu.com/4421-1 https://www.mozilla. • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. Debido a una confusión al procesar un carácter hyph en la función Date.parse(), podría haber ocurrido una lectura fuera de límites de un byte, conllevando a una potencial divulgación de información. Esta vulnerabilidad afecta a Firefox versiones anteriores a 78 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1634738 https://security.gentoo.org/glsa/202007-10 https://www.mozilla.org/security/advisories/mfsa2020-24 https://access.redhat.com/security/cve/CVE-2020-12425 https://bugzilla.redhat.com/show_bug.cgi?id=1872540 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. Cuando se construye un aviso de permiso para WebRTC, se suministraba un URI desde el proceso de contenido. Este URI no era confiable, y podría haber sido el URI de un origen que previamente se le concediera permiso; omitiendo el aviso. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1562600 https://security.gentoo.org/glsa/202007-10 https://www.mozilla.org/security/advisories/mfsa2020-24 https://access.redhat.com/security/cve/CVE-2020-12424 https://bugzilla.redhat.com/show_bug.cgi?id=1872539 • CWE-276: Incorrect Default Permissions CWE-451: User Interface (UI) Misrepresentation of Critical Information •