Page 164 of 1796 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Los objetos proxy débiles tienen referencias débiles en múltiples hilos cuando solo deberían tenerlas en uno, lo que resulta en un uso incorrecto y una corrupción de la memoria, lo que conduce a potenciales cierres inesperados. • http://www.securityfocus.com/bid/95763 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1293709 https://www.mozilla.org/security/advisories/mfsa2017-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 54. • http://www.securityfocus.com/bid/99049 http://www.securitytracker.com/id/1038689 https://bugzilla.mozilla.org/show_bug.cgi?id=1317242 https://www.mozilla.org/security/advisories/mfsa2017-15 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53. Mecanismo para suplantar la barra de direcciones en Firefox para Android mediante un URI "javascript:". En Firefox para Android, el dominio base se analiza incorrectamente, lo que hace que sea menos visible que la dirección resultante es un sitio suplantado y mostrando un dominio incorrecto en las notificaciones anexadas. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://bugzilla.mozilla.org/show_bug.cgi?id=1325955 https://www.mozilla.org/security/advisories/mfsa2017-10 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://bugzilla.mozilla.org/show_bug.cgi?id=1348645 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 • CWE-417: Communication Channel Errors •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Error en "WindowsDllDetourPatcher", donde un bloque 4k RWX ("Read/Write/Execute") se asigna, pero nunca se proteje, violando las protecciones DEP. • http://www.securityfocus.com/bid/100243 http://www.securitytracker.com/id/1039124 https://bugzilla.mozilla.org/show_bug.cgi?id=1344034 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 https://www.mozilla.org/security/advisories/mfsa2017-20 • CWE-269: Improper Privilege Management •