Page 142 of 2037 results (0.048 seconds)

CVSS: 8.8EPSS: 93%CPEs: 11EXPL: 6

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. La información incorrecta de alias en el compilador IonMonkey JIT para el método Array.prototype.slice puede llevar a la falta de comprobación de límites y a un desbordamiento del búfer. Esta vulnerabilidad afecta a Firefox versiones anteriores a 66.0.1, Firefox ESR versiones anteriores a 60.6.1 y Thunderbird versiones anteriores a 60.6.1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • https://www.exploit-db.com/exploits/46605 https://www.exploit-db.com/exploits/47752 https://github.com/0vercl0k/CVE-2019-9810 https://github.com/xuechiyaobai/CVE-2019-9810-PoC http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1537924 https://www.mozilla.org/security/advisories/mfsa2019-09 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 59%CPEs: 3EXPL: 1

Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. Un manejo incorrecto de __proto__ mutations puede llevar a confusión de tipo en el código IonMonkey JIT, y puede aprovecharse para la lectura y escritura de memoria arbitraria. Esta vulnerabilidad afecta a Firefox versiones anteriores a 66.0.1, Firefox ESR versiones anteriores a 60.6.1 y Thunderbird versiones anteriores a 60.6.1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • https://www.exploit-db.com/exploits/46646 https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1538006 https://www.mozilla.org/security/advisories/mfsa2019-09 https://www.mozilla.org/security/advisories/mfsa2019-10 https://www.mozilla.org/security/advisories/mfsa2019-12 https://access.redhat.com/security/cve/CVE-2019-9813 https://bugzilla.redhat.com/show_bug.cgi?id=1692182 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources. This vulnerability affects Firefox < 66. La especificación de Upgrade-Insecure-Requests (UIR) establece que si la UIR se habilita mediante Content Security Policy (CSP), la navegación a una URL del mismo origen debe actualizarse a HTTPS. Firefox navegará incorrectamente a una URL HTTP en lugar de realizar la actualización de seguridad solicitada por el CSP en algunas circunstancias, lo que permite posibles ataques de intermediarios en los recursos vinculados. • https://bugzilla.mozilla.org/show_bug.cgi?id=1437009 https://bugzilla.mozilla.org/show_bug.cgi?id=1515863 https://w3c.github.io/webappsec-upgrade-insecure-requests https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-346: Origin Validation Error •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. Las imágenes de origen cruzado se pueden leer infringiendo la política del mismo origen al exportar una imagen después de utilizar createImageBitmap para leer la imagen y luego renderizar la imagen de mapa de bits resultante dentro de un elemento canvas. Esta vulnerabilidad afecta a Firefox, versiones anteriores a 66. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html https://access.redhat.com/errata/RHSA-2019:1265 https://access.redhat.com/errata/RHSA-2019:1267 https://access.redhat.com/errata/RHSA-2019:1269 https://access.redhat.com/errata/RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1309 https://access.redhat. • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66. La comprobación de límites insuficientes de datos durante la comunicación entre procesos puede permitir que un proceso de contenido comprometido pueda leer la memoria del proceso principal en determinadas condiciones. Esta vulnerabilidad afecta a Firefox a las anteriores a 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1505678 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •