Page 138 of 805 results (0.015 seconds)

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. Mozilla Firefox anterior a 30.0 y Thunderbird hasta 24.6 en OS X no aseguran la visibilidad del cursor después de una interacción con un objeto Flash y un elemento DIV, lo que facilita a atacantes remotos realizar ataques de clickjacking a través de código JavaScript que produce un imagen del cursor falso. • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://secunia.com/advisories/59171 http://secunia.com/advisories/59387 http://secunia.com/advisories/59486 http://www.mozilla.org/security/announce/2014/mfsa2014-50.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/67967 http://www.securitytracker.com/id/1030388 https://bugzilla.mozilla.org/s • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 7%CPEs: 18EXPL: 0

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. Vulnerabilidad de uso después de liberación en la función RefreshDriverTimer::TickDriver en SMIL Animation Controller en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24.6 y Thunderbird anterior a 24.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de contenido web manipulado. • http://linux.oracle.com/errata/ELSA-2014-0741.html http://linux.oracle.com/errata/ELSA-2014-0742.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2014-0741& • CWE-416: Use After Free •

CVSS: 10.0EPSS: 7%CPEs: 18EXPL: 0

Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsTextEditRules::CreateMozBR en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24.6 y Thunderbird anterior a 24.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores no especificados. • http://linux.oracle.com/errata/ELSA-2014-0741.html http://linux.oracle.com/errata/ELSA-2014-0742.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2014-0741& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation. La implementación docshell en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remotos provocar la carga de una URL con una propiedad baseURI falsificada, y realizar ataques de XSS, a través de un sitio web manipulado que realiza el historial de navegación. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 27EXPL: 9

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegador en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http: •