CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 0CVE-2020-6798 – Mozilla: Incorrect parsing of template tag could result in JavaScript injection
https://notcve.org/view.php?id=CVE-2020-6798
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. Si se usó una etiqueta template en una etiqueta select, el analizador podría ser confundido y permitir el análisis y la ejecución de JavaScript cuando no debería ser permitido. • https://bugzilla.mozilla.org/show_bug.cgi?id=1602944 https://security.gentoo.org/glsa/202003-02 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4278-2 https://usn.ubuntu.com/4328-1 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-05 https://www.mozilla.org/security/advisories/mfsa2020-06 https://www.mozilla.org/security/advisories/mfsa2020-07 https://access.redhat.com/security/cve/CVE-2020-6798 https://bugzilla. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2669
https://notcve.org/view.php?id=CVE-2011-2669
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. Mozilla Firefox versiones anteriores a 3.6, presenta una vulnerabilidad de DoS debido a un problema en la comprobación de certificados. • http://jvn.jp/en/jp/JVN70984231/index.html • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2668
https://notcve.org/view.php?id=CVE-2011-2668
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header Mozilla Firefox versiones hasta 1.5.0.3, presenta una vulnerabilidad en el procesamiento del encabezado content-length. • http://jvn.jp/en/jp/JVN36721438/index.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2670
https://notcve.org/view.php?id=CVE-2011-2670
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets Mozilla Firefox versiones anteriores a la versión 3.6, es vulnerable a un ataque de tipo XSS por medio de la renderización de Cascading Style Sheets. • http://jvn.jp/en/jp/JVN74649877/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 47%CPEs: 4EXPL: 4CVE-2019-17026 – Mozilla Firefox And Thunderbird Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. Una información de alias incorrecta en compilador IonMonkey JIT para establecer los elementos de la matriz podría conllevar a una confusión de tipo. Estamos conscientes de los ataques dirigidos "in the wild" abusando de este fallo. • https://www.exploit-db.com/exploits/49864 https://github.com/maxpl0it/CVE-2019-17026-Exploit https://github.com/lsw29475/CVE-2019-17026 http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html https://bugzilla.mozilla.org/show_bug.cgi?id=1607443 https://security.gentoo.org/glsa/202003-02 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-03 https://www.mozilla.org/security/advisories/mfsa2020-04 https://access.redhat& • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •