Page 164 of 2518 results (0.011 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58. • http://www.securityfocus.com/bid/102786 http://www.securitytracker.com/id/1040270 https://bugzilla.mozilla.org/show_bug.cgi?id=1402368 https://www.mozilla.org/security/advisories/mfsa2018-02 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58. Se ha identificado un potencial desbordamiento de enteros en la función "DoCrypt" de WebCrypto. Si se encuentra un medio para explotarlo, podría resultar en una escritura fuera de límites. • http://www.securityfocus.com/bid/102786 http://www.securitytracker.com/id/1040270 https://bugzilla.mozilla.org/show_bug.cgi?id=1413841 https://usn.ubuntu.com/3544-1 https://www.mozilla.org/security/advisories/mfsa2018-02 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://bugzilla.mozilla.org/show_bug.cgi?id=1336979 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53. Se ha expuesto un problema con el modelo incorrecto de propiedad de la información "privateBrowsing" mediante las herramientas de desarrollador. Esto puede resultar en un cierre inesperado no explotable cuando se desencadena manualmente durante la depuración. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://bugzilla.mozilla.org/show_bug.cgi?id=1329521 https://www.mozilla.org/security/advisories/mfsa2017-10 • CWE-665: Improper Initialization •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Los objetos proxy débiles tienen referencias débiles en múltiples hilos cuando solo deberían tenerlas en uno, lo que resulta en un uso incorrecto y una corrupción de la memoria, lo que conduce a potenciales cierres inesperados. • http://www.securityfocus.com/bid/95763 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1293709 https://www.mozilla.org/security/advisories/mfsa2017-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •