Page 14 of 194 results (0.014 seconds)

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 no maneja correctamente la secuencia de navegación que devuelve a la página original, lo que permite a atacantes remotos suplantar la barra de direcciones a través de vectores que involucran el método history.back y la propiedad location.protocol. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03 • CWE-254: 7PK - Security Features •

CVSS: 8.8EPSS: 1%CPEs: 22EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el navegador en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria o caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 22EXPL: 0

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. La función nsCSPContext::SendReports en dom/security/nsCSPContext.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 no previene el uso de una URL de informe no HTTP para un informe de violación de Content Security Policy (CSP), lo que permite a atacantes remotos causar una denegación de servicio (sobreescripción de datos) o posiblemente ganar privilegios especificando el URL de un archivo local." • http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.htm • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8EPSS: 96%CPEs: 22EXPL: 2

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Desbordamiento inferior de entero en la clase nsHtml5TreeBuilder en el intérprete de cadenas HTML5 en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (uso después de liberación de memoria) mediante el aprovechamiento del manejo incorrecto de las etiquetas finales, según lo demostrado por el procesamiento incorrecto de SVG, también conocido como ZDI-CAN-3545. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTML5 end tags. The issue lies in the failure to check for an index becoming negative, allowing for out-of-bounds indexing. • https://www.exploit-db.com/exploits/44294 https://www.exploit-db.com/exploits/42484 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security&# •

CVSS: 8.8EPSS: 5%CPEs: 22EXPL: 0

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. Vulnerabilidad de uso después de liberación de memoria en la función nsHTMLDocument::SetBody en dom/html/nsHTMLDocument.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento del manejo incorrecto de un elemento root, también conocido como ZDI-CAN-3574. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of nsHTMLDocument objects. By manipulating a document's elements an attacker can force a nsHTMLDocument object in memory to be reused after it has been freed. • http://hg.mozilla.org/releases/mozilla-release/rev/b208427885d3 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.htm •