Page 12 of 2511 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. Un atacante con acceso temporal a un script de un sitio podría haber configurado una cookie que contenía caracteres no válidos utilizando `document.cookie`, lo que podría haber provocado errores desconocidos. Esta vulnerabilidad afecta a Firefox &lt; 119. • https://bugzilla.mozilla.org/show_bug.cgi?id=1802057 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-45 •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. Mediante solicitudes iterativas, un atacante pudo conocer el tamaño de una respuesta opaque, así como el contenido de un encabezado Vary proporcionado por el servidor. Esta vulnerabilidad afecta a Firefox &lt; 119. • https://bugzilla.mozilla.org/show_bug.cgi?id=1738426 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-45 • CWE-203: Observable Discrepancy •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Era posible que el usuario activara o descartara ciertas indicaciones y cuadros de diálogo del navegador debido a una insuficiente activación del delay. Esta vulnerabilidad afecta a Firefox &lt; 119, Firefox ESR &lt; 115.4 y Thunderbird &lt; 115.4.1. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1830820 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-47 https://access.redhat.com/security • CWE-356: Product UI does not Warn User of Unsafe Actions CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 8.8EPSS: 40%CPEs: 25EXPL: 2

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library. Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. • https://github.com/UT-Security/cve-2023-5217-poc https://github.com/Trinadh465/platform_external_libvpx_v1.8.0_CVE-2023-5217 http://seclists.org/fulldisclosure/2023/Oct/12 http://seclists.org/fulldisclosure/2023/Oct/16 http://www.openwall.com/lists/oss-security/2023/09/28/5 http://www.openwall.com/lists/oss-security/2023/09/28/6 http://www.openwall.com/lists/oss-security/2023/09/29/1 http://www.openwall.com/lists/oss-security/2023/09/29/11 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118. Durante el cierre del proceso, era posible que se creara un "ImageBitmap" que luego se usaría después de liberarse de una ruta de código diferente, lo que provocaría un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox &lt; 118. • https://bugzilla.mozilla.org/show_bug.cgi?id=1849704 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-41 • CWE-416: Use After Free •