Page 151 of 2526 results (0.006 seconds)

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. • http://www.securityfocus.com/bid/105718 http://www.securityfocus.com/bid/105769 http://www.securitytracker.com/id/1041944 https://bugzilla.mozilla.org/show_bug.cgi?id=1478843 https://security.gentoo.org/glsa/201811-13 https://www.mozilla.org/security/advisories/mfsa2018-26 https://www.mozilla.org/security/advisories/mfsa2018-27 https://www.mozilla.org/security/advisories/mfsa2018-28 • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. Un trabajador del servicio puede enviar el evento activate en sí mismo periódicamente, lo que le permite ejecutarse perpetuamente, permitiendo a su vez supervisar la actividad de los usuarios. Afecta a todas las versiones anteriores a Firefox 60. • https://www.mozilla.org/en-US/security/advisories/mfsa2018-11 https://access.redhat.com/security/cve/CVE-2018-5179 https://bugzilla.redhat.com/show_bug.cgi?id=1640114 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0

Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 62 y Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/105718 http://www.securityfocus.com/bid/105769 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://access.redhat.com/errata/RHSA-2018:3531 https://access.redhat.com/errata/RHSA-2018:3532 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Se ha encontrado una vulnerabilidad potencial en los builds de 32 bit en la que un desbordamiento de enteros durante la conversión de scripts en una representación UTF-16 interna podría conducir a la asignación de un búfer demasiado pequeño para dicha conversión. • http://www.securityfocus.com/bid/105718 http://www.securityfocus.com/bid/105769 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://access.redhat.com/errata/RHSA-2018:3531 https://access.redhat.com/errata/RHSA-2018:3532 https://bugzilla.mozilla.org/show_bug.cgi?id=1495011 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://lists.debian.org/debian-lts-announ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 2%CPEs: 17EXPL: 0

A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Una vulnerabilidad en la que WebExtensions pueden ejecutar scripts de contenido en contextos no permitidos tras una navegación u otros eventos. Esto permite el escalado de privilegios potencial mediante WebExtensions en sitios en los que los scripts de contenido no deberían ejecutarse. • http://www.securityfocus.com/bid/105718 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://bugzilla.mozilla.org/show_bug.cgi?id=1483602 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://security.gentoo.org/glsa/201811-04 https://usn.ubuntu.com/3801-1 https://www.debian.org/security/2018/dsa-4324 https://www.mozilla.org/security/advisories/mfsa2018-26&# • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •