Page 135 of 1333 results (0.008 seconds)

CVSS: 5.1EPSS: 0%CPEs: 244EXPL: 0

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. Desbordamiento de buffer basado en memoria dinámica en la función mozilla::gfx::CopyRect en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos obtener información sensible de la memoria de procesos no inicializada a través de un gráfico SVG malformado. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. La implementación navigator.sendBeacon en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey anterior a 2.32 omite la cabecera CORS Origin, lo que permite a atacantes remotos evadir las comprobaciones del control de acceso a CORS y realizar ataques de CSRF a través de un sitio web manipulado. • http://linux.oracle.com/errata/ELSA-2015-0046.html http://linux.oracle.com/errata/ELSA-2015-0047.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://lists.opensuse • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8EPSS: 1%CPEs: 8EXPL: 0

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey anterior a 2.32 no interprete correctamente cabeceras Set-Cookie dentro de respuestas que tienen un código de estatus 407 (también conocido como Proxy Authentication Required), lo que permite a servidores proxy remotos HTTP realizar ataques de fijación de sesiones mediante la provisión de un nombre de cookie que corresponde con la cookie de la sesión de servidor de origen. • http://linux.oracle.com/errata/ELSA-2015-0046.html http://linux.oracle.com/errata/ELSA-2015-0047.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://lists.opensuse • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey anterior a 2.32 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://linux.oracle.com/errata/ELSA-2015-0046.html http://linux.oracle.com/errata/ELSA-2015-0047.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://lists.opensuse • CWE-122: Heap-based Buffer Overflow •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, y Thunderbird anterior a 31.3 en Apple OS X 10.10 omiten una acción del registro de la deshabilitación de CoreGraphics que es necesario para las aplicaciones basadas en jemalloc, lo que permite a usuarios locales obtener información sensible mediante la lectura de ficheros /tmp, tal y como fue demostrado por la información de credenciales. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.mozilla.org/security/announce/2014/mfsa2014-90.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is https://bugzilla.mozilla.org/show_bug.cgi?id=1092855 • CWE-199: Information Management Errors •