Page 12 of 324 results (0.011 seconds)

CVSS: 10.0EPSS: 1%CPEs: 12EXPL: 0

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. La implementación Web Workers en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una terminación de un proceso worker que ha realizado una operación de paso de objeto entre hilos en conjunción con el uso de asm.js • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102875 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-11.html http://www.oracle.com/technetwork •

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 1

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. Mozilla Network Security Services (NSS) anterior a 3.15.4, utilizado en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3, SeaMonkey anterior a 2.24 y otros productos, no restringe debidamente los valores públicos en el intercambio de claves de Diffie-Hellman, lo que facilita a atacantes remotos evadir mecanismos de protección criptográfica en el manejo de tickets mediante el aprovechamiento de un cierto valor. It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. • http://hg.mozilla.org/projects/nss/rev/12c42006aed8 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http&# • CWE-326: Inadequate Encryption Strength CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permiten a atacantes remotos evadir Same Origin Policy y obtener información sensible usando un elemento IFRAME en conjunción con ciertas medidas de tiempo involucrando las funciones document.caretPositionFromPoint y document.elementFromPoint. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102869 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-05.html http://www.oracle.com/technetwork • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. La implementación de Content Security Policy (CSP) en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 opera en hojas de estilo XSLT acorde con las directivas style-src en vez de las directivas script-src, lo que permitiría a atacantes remotos ejecutar código XSLT arbitrario mediante el aprovechamiento de las insuficientes restricciones style-src. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102871 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-07.html http://www.oracle.com/technetwork •

CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar un código arbitrario a través de vectores relacionados con la clase MPostWriteBarrier en js/src/jit/MIR.h y alineación de pila en js/src/jit/AsmJS.cpp en OdinMonkey y otros vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102865 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56888 http://secunia.com/advisories/56922 http://www.mozilla.org/security/announce/2014/mfsa2014-01.html& • CWE-787: Out-of-bounds Write •