Page 146 of 1796 results (0.006 seconds)

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0

Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 64. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/106773 https://usn.ubuntu.com/3874-1 https://www.mozilla.org/security/advisories/mfsa2019-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65. Cuando se utiliza JavaScript para crear y manipular un búfer de audio, podría ocurrir un cierre inesperado explotable debido a una no coincidencia de un compartimento en algunas situaciones. Esta vulnerabilidad afecta a las versiones anteriores a la 65 de Firefox. • http://www.securityfocus.com/bid/106773 https://usn.ubuntu.com/3874-1 https://www.mozilla.org/security/advisories/mfsa2019-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. Cuando la autodetección del proxy está habilitada, si un servidor web proporciona un archivo de autoconfiguración de proxy (PAC) o si dicho archivo se carga localmente, este último puede especificar peticiones al host local que están destinadas a enviarse a través del proxy hacia otro servidor. Este comportamiento está prohibido por defecto cuando un proxy se configura manualmente. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106773 https://access.redhat.com/errata/RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0680 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65. Un cierre inesperado y una lectura fuera de límites podrían ocurrir cuando el búfer de la textura de un cliente se libera mientras está en uso durante las operaciones gráficas. Esto resulta en un cierre potencialmente explotable y la posibilidad de leer desde la memoria de los búferes liberados. • http://www.securityfocus.com/bid/106773 https://usn.ubuntu.com/3874-1 https://www.mozilla.org/security/advisories/mfsa2019-01 • CWE-125: Out-of-bounds Read •

CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Una solución anterior para la vulnerabilidad de comunicación entre procesos (IPC), CVE-2011-3079, añadía una autenticación para comunicaciones entre endpoints de IPC y servidores padres durante la creación de procesos IPC. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html http://www.securityfocus.com/bid/106781 https://access.redhat.com/errata/RHSA-2019:0218 https://access.redhat.com/errata/RHSA-2019:0219 https://access.redhat.com/errata/RHSA-2019:0269 https://access.redhat.com/errata/RHSA-2019:0270 https://bugzilla.mozilla.org/show_bug.cgi?id=1087565 https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html https://lists.debian.org/debian-lts-announce/2019/02&# • CWE-287: Improper Authentication •