Page 126 of 1316 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1

CVE-2016-5291 – Mozilla: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-89, MFSA 2016-90)

https://notcve.org/view.php?id=CVE-2016-5291

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Omisión de política del mismo origen con archivos de atajo locales para cargar contenido local arbitrario desde el disco. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.5, Firefox ESR en versiones anteriores a la 45.5 y Firefox en versiones anteriores a la 50. • http://rhn.redhat.com/errata/RHSA-2016-2780.html http://www.securityfocus.com/bid/94336 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1292159 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2016/dsa-3730 https://www.mozilla.org/security/advisories/mfsa2016-89 https://www.mozilla.org/security/advisories/mfsa2016-90 https://www.mozilla.org/security/advisories/mfsa2016-93 https://access.redhat.com/security/cve&#x • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0

CVE-2016-1953

https://notcve.org/view.php?id=CVE-2016-1953

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el navegador en Mozilla Firefox en versiones anteriores a 45.0 permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria o caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores en relación con js/src/jit/arm/Assembler-arm.cpp, y otros vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2016-07 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 0

CVE-2016-1961 – Mozilla Firefox nsHTMLDocument SetBody Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-1961

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. Vulnerabilidad de uso después de liberación de memoria en la función nsHTMLDocument::SetBody en dom/html/nsHTMLDocument.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento del manejo incorrecto de un elemento root, también conocido como ZDI-CAN-3574. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of nsHTMLDocument objects. By manipulating a document's elements an attacker can force a nsHTMLDocument object in memory to be reused after it has been freed. • http://hg.mozilla.org/releases/mozilla-release/rev/b208427885d3 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.htm •

CVSS: 8.8EPSS: 1%CPEs: 22EXPL: 0

CVE-2016-1952 – Mozilla: Miscellaneous memory safety hazards (rv:38.7) (MFSA 2016-16)

https://notcve.org/view.php?id=CVE-2016-1952

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el navegador en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria o caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 96%CPEs: 22EXPL: 2

CVE-2016-1960 – Mozilla Firefox nsHtml5TreeBuilder Array Indexing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-1960

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Desbordamiento inferior de entero en la clase nsHtml5TreeBuilder en el intérprete de cadenas HTML5 en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (uso después de liberación de memoria) mediante el aprovechamiento del manejo incorrecto de las etiquetas finales, según lo demostrado por el procesamiento incorrecto de SVG, también conocido como ZDI-CAN-3545. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTML5 end tags. The issue lies in the failure to check for an index becoming negative, allowing for out-of-bounds indexing. • https://www.exploit-db.com/exploits/44294 https://www.exploit-db.com/exploits/42484 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security&# •