Page 162 of 1882 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Los sitios maliciosos pueden mostrar una barra de direcciones suplantada en una página subsecuentemente cargada cuando la barra de direcciones existente en la nueva página se deja de ver al desplazarse si la navegación entre páginas se puede sincronizar correctamente. • http://www.securityfocus.com/bid/95763 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1293463 https://www.mozilla.org/security/advisories/mfsa2017-01 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. Los sitios maliciosos pueden mostrar una barra de direcciones suplantada en una página cuando la barra de direcciones existente en la nueva página se deja de ver al desplazarse si un elemento HTML editable de página es seleccionado por el usuario. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://bugzilla.mozilla.org/show_bug.cgi?id=1344517 https://www.mozilla.org/security/advisories/mfsa2017-10 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://bugzilla.mozilla.org/show_bug.cgi?id=1338867 https://www.mozilla.org/security/advisories/mfsa2017-10 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50. Esta vulnerabilidad permite que un atacante emplee Mozilla Maintenance Service para escalar privilegios haciendo que Maintenance Service invoque a Mozilla Updater para ejecutar archivos locales maliciosos. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1247239 https://www.mozilla.org/en-US/security/advisories/mfsa2013-44 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59. • http://www.securityfocus.com/bid/103386 http://www.securitytracker.com/id/1040514 https://bugzilla.mozilla.org/show_bug.cgi?id=1432624 https://www.mozilla.org/security/advisories/mfsa2018-06 • CWE-20: Improper Input Validation •