Page 160 of 2392 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://bugzilla.mozilla.org/show_bug.cgi?id=1273265 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories/mfsa2017-17 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox < 57. • http://www.securityfocus.com/bid/101832 http://www.securitytracker.com/id/1039803 https://bugzilla.mozilla.org/show_bug.cgi?id=1401339 https://www.mozilla.org/security/advisories/mfsa2017-24 • CWE-427: Uncontrolled Search Path Element •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3. El directorio cache en el sistema de archivos local está establecido para que tenga permisos de escritura global. • http://www.securityfocus.com/bid/96144 https://bugzilla.mozilla.org/show_bug.cgi?id=1337304 https://www.mozilla.org/security/advisories/mfsa2017-04 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50. Cuando se crea un nuevo perfil de Firefox en instalaciones de 64 bits de Windows, el sandbox para los plugins NPAPI de 64 bits no están habilitados por defecto. Nota: este problema solo afecta a la versión 64 bits de Windows. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1300083 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-254: 7PK - Security Features •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. Un ataque que emplea la manipulación del contenido de "updater.ini", empleado por Mozilla Windows Updater, y un escalado de privilegios mediante Mozilla Maintenance Service permite la ejecución y eliminación de archivos arbitrarios por parte de Maintenance Service, que tiene acceso privilegiado. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://bugzilla.mozilla.org/show_bug.cgi?id=1342742 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 •