Page 122 of 2037 results (0.013 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 72. Cuando Python se instaló en Windows, un archivo de Python que es servido con el tipo MIME de text/plain podría ser ejecutado por Python en lugar de abrirlo como un archivo de texto cuando la opción Open fue seleccionada al descargar. • https://bugzilla.mozilla.org/show_bug.cgi?id=1568003 https://www.mozilla.org/security/advisories/mfsa2020-01 •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. Cuando se encuentra en Private Browsing Mode en Windows 10, el teclado de Windows puede retener sugerencias de palabras para mejorar la precisión del teclado. Esta vulnerabilidad afecta a Firefox versiones anteriores a la versión 72. • https://bugzilla.mozilla.org/show_bug.cgi?id=1549394 https://www.mozilla.org/security/advisories/mfsa2020-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Debido a una falta de tipos de objetos del manejo de casos, podría ocurrir una vulnerabilidad de confusión de tipos, resultando en un bloqueo. Suponemos que con el esfuerzo suficiente podría ser explotado para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html https://access.redhat.com/errata/RHSA-2020:0085 https://access.redhat.com/errata/RHSA-2020:0086 https://access.redhat.com/errata/RHSA-2020:0111 https://access.redhat.com/errata/RHSA-2020:0120 https://access.redhat.com/errata/RHSA-2020:0123 https: • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0

When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Al pegar un &lt;style&gt; etiqueta del portapapeles en un editor de texto enriquecido, el saneador CSS reescribe incorrectamente una regla @namespace. Esto podría permitir una inyección en ciertos tipos de sitios web resultando en la filtración de datos. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html https://access.redhat.com/errata/RHSA-2020:0085 https://access.redhat.com/errata/RHSA-2020:0086 https://access.redhat.com/errata/RHSA-2020:0111 https://access.redhat.com/errata/RHSA-2020:0120 https://access.redhat.com/errata/RHSA-2020:0123 https: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0

During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Durante la inicialización de un nuevo proceso de contenido, un desplazamiento del puntero puede ser manipulado lo que conlleva a una corrupción de memoria y un bloqueo explotable potencialmente en el proceso principal. * Nota: este problema solo ocurre en Windows. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html https://bugzilla.mozilla.org/show_bug.cgi?id=1599005 https://seclists.org/bugtraq/2020/Jan/18 https://www.mozilla.org/security/advisories/mfsa2020-01 https://www.mozilla.org/security/advisories/mfsa2020-02 • CWE-787: Out-of-bounds Write •