Page 14 of 2994 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-5721 – Mozilla: Queued up rendering could have allowed websites to clickjack

https://notcve.org/view.php?id=CVE-2023-5721

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Era posible que el usuario activara o descartara ciertas indicaciones y cuadros de diálogo del navegador debido a una insuficiente activación del delay. Esta vulnerabilidad afecta a Firefox &lt; 119, Firefox ESR &lt; 115.4 y Thunderbird &lt; 115.4.1. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1830820 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-47 https://access.redhat.com/security • CWE-356: Product UI does not Warn User of Unsafe Actions CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

CVE-2023-5496 – Translator PoqDev Add-On Select Text cross site scripting

https://notcve.org/view.php?id=CVE-2023-5496

A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. • https://fastupload.io/en/G5tO8X1vM8ge4qJ/file https://vuldb.com/?ctiid.241649 https://vuldb.com/?id.241649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-42808 – Common Voice Cross-site Scripting vulnerability

https://notcve.org/view.php?id=CVE-2023-42808

Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist. Common Voice es la aplicación web de Mozilla Common Voice, una plataforma para recopilar donaciones de voz con el fin de crear conjuntos de datos de dominio público para entrenar herramientas relacionadas con el reconocimiento de voz. • https://github.com/mozilla/common-voice/blob/9d6ffd755e29b81918b86b9f5218b9c27d9c1c1a/server/src/fetch-legal-document.ts#LL21-L62C2 https://github.com/mozilla/common-voice/blob/9d6ffd755e29b81918b86b9f5218b9c27d9c1c1a/server/src/server.ts#L214 https://securitylab.github.com/advisories/GHSL-2023-026_Common_Voice • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 31%CPEs: 25EXPL: 0

CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library. Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. • http://seclists.org/fulldisclosure/2023/Oct/12 http://seclists.org/fulldisclosure/2023/Oct/16 http://www.openwall.com/lists/oss-security/2023/09/28/5 http://www.openwall.com/lists/oss-security/2023/09/28/6 http://www.openwall.com/lists/oss-security/2023/09/29/1 http://www.openwall.com/lists/oss-security/2023/09/29/11 http://www.openwall.com/lists/oss-security/2023/09/29/12 http://www.openwall.com/lists/oss-security/2023/09/29/14 http://ww • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-5175

https://notcve.org/view.php?id=CVE-2023-5175

During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118. Durante el cierre del proceso, era posible que se creara un "ImageBitmap" que luego se usaría después de liberarse de una ruta de código diferente, lo que provocaría un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox &lt; 118. • https://bugzilla.mozilla.org/show_bug.cgi?id=1849704 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-41 • CWE-416: Use After Free •