Page 128 of 1333 results (0.004 seconds)

CVSS: 8.8EPSS: 5%CPEs: 22EXPL: 0

CVE-2016-1961 – Mozilla Firefox nsHTMLDocument SetBody Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-1961

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. Vulnerabilidad de uso después de liberación de memoria en la función nsHTMLDocument::SetBody en dom/html/nsHTMLDocument.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento del manejo incorrecto de un elemento root, también conocido como ZDI-CAN-3574. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of nsHTMLDocument objects. By manipulating a document's elements an attacker can force a nsHTMLDocument object in memory to be reused after it has been freed. • http://hg.mozilla.org/releases/mozilla-release/rev/b208427885d3 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.htm •

CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 0

CVE-2016-1964 – Mozilla: Use-after-free during XML transformations (MFSA 2016-27)

https://notcve.org/view.php?id=CVE-2016-1964

Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. Vulnerabilidad de uso después de liberación de memoria en la función AtomicBaseIncDec en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediante el aprovechamiento del manejo incorrecto de transformaciones XML. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03 •

CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0

CVE-2016-1966 – Mozilla: Memory corruption with malicious NPAPI plugin (MFSA 2016-31)

https://notcve.org/view.php?id=CVE-2016-1966

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. La función nsNPObjWrapper::GetNewOrUsed en dom/plugins/base/nsJSNPRuntime.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero no válida y corrupción de memoria) a través de un plugin NPAPI manipulado. • http://hg.mozilla.org/releases/mozilla-release/rev/f0d2911a9a4e http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.htm •

CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 0

CVE-2016-1974 – Mozilla: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34)

https://notcve.org/view.php?id=CVE-2016-1974

The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. La función nsScannerString::AppendUnicodeTo en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 no verifica que la asignación de memoria tenga éxito, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango) a través de datos Unicode manipulados en un documento HTML, XML o SVG. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.1EPSS: 3%CPEs: 19EXPL: 0

CVE-2016-1526 – graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup

https://notcve.org/view.php?id=CVE-2016-1526

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. La función TtfUtil:LocaLookup en TtfUtil.cpp en Libgraphite en Graphite 2 1.2.4, como se utiliza en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.6.1, valida incorrectamente un valor de tamaño, lo que permite a atacantes remotos obtener información sensible o causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de una fuente inteligente Graphite. A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application. • http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177520.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184623.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00088.html http://rhn.redhat.com/errata/RHSA-2016-0594.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •