Page 133 of 664 results (0.009 seconds)

CVSS: 7.5EPSS: 16%CPEs: 140EXPL: 0

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe. La implementación Hojas de Estilo en Cascada (CSS) en Mozilla Firefox 4.x hasta 10.0, 10.x Firefox ESR antes de 10.0.3, Thunderbird 5.0 hasta 10.0, Thunderbird ESR 10.x antes de 10.0.3, y SeaMonkey antes de 2.8 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de la modificación dinámica de un fotograma clave seguido por el acceso al cssText del fotograma clave. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48496 http://secunia.com/advisories/48513 http://secunia.com/advisories/48553 http://secunia.com/advisories/48561 http://secunia.com/adviso • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 25%CPEs: 140EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird v5.0 a v10.0, Thunderbird ESR v10.x antes de v10.0.3, y SeaMonkey antes de v2.8 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48496 http://secunia.com/advisories/48513 http://secunia.com/advisories •

CVSS: 4.3EPSS: 0%CPEs: 140EXPL: 0

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers. Vulnerabilidad de inyección de falsificación de peticiones en sitios cruzados en Mozilla Firefox v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird v5.0 a v10.0, Thunderbird ESR v10.x antes de v10.0.3, y SeaMonkey antes de v2.8 permite a los servidores web remotos para eludir las restricciones de Content Security Policy (CSP) y, posiblemente, realizar cross-site scripting (XSS) a través de los ataques hechos a las cabeceras HTTP. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48496 http://secunia.com/advisories/48513 http://secunia.com/advisories/48553 http://secunia.com/advisories/48561 http://secunia.com/adviso • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. Mozilla Firefox antes de v3.6.28 y v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird antes de v3.1.20 y v5.0 hasta v10.0, Thunderbird ESR v10.x antes de v10.0.3, y SeaMonkey antes de v2.8 no restringen adecuadamente arrastrar y soltar en javascript: URLs, lo que permite a atacantes remotos asistidos por el usuario realizar ataques de ejecución de secuencias de comandos en sitios cruzados a través de una página web modificada, relacionado con un problema "DragAndDropJacking". • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48414 http://secunia.com/advisories/48495 http://secunia.com/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •