Page 187 of 2173 results (0.018 seconds)

CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 1

The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. La directiva CSP (Content Security Policy) "sandbox" no creaba un origen único para el documento, provocando que se comporte como si estuviera siempre especificada la palabra clave "allow-same-origin". Esto podría permitir que se lance un ataque Cross-Site Scripting (XSS) desde contenido no seguro. • http://www.securityfocus.com/bid/101059 http://www.securitytracker.com/id/1039465 https://access.redhat.com/errata/RHSA-2017:2831 https://access.redhat.com/errata/RHSA-2017:2885 https://bugzilla.mozilla.org/show_bug.cgi?id=1396320 https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3987 https://www.debian.org/security/2017/dsa-4014 https://www.mozilla.org/security/advisor • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 1

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipulan arrays de elementos ARIA (Accesible Rich Internet Applications) en los contenedores mediante el DOM. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/101055 http://www.securitytracker.com/id/1039465 https://access.redhat.com/errata/RHSA-2017:2831 https://access.redhat.com/errata/RHSA-2017:2885 https://bugzilla.mozilla.org/show_bug.cgi?id=1363723 https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3987 https://www.debian.org/security/2017/dsa-4014 https://www.mozilla.org/security/advisor • CWE-416: Use After Free •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. Existe una vulnerabilidad de ejecución remota de código en el script debugger Venkman en Mozilla Firefox en versiones anteriores a la 2.0.0.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=325761 https://bugzilla.mozilla.org/show_bug.cgi?id=345305 https://bugzilla.suse.com/show_bug.cgi?id=332512 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1

An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55. Ocurre un error en el algoritmo de suma de puntos de curva elíptica que emplea coordenadas mixtas Jacobian-affine que pueden dar como resultado "POINT_AT_INFINITY", aunque no deberían. Un atacante Man-in-the-Middle (MitM) podría aprovecharlo para interferir con una conexión, lo que resulta en que la parte atacada calcula un secreto compartido de forma incorrecta. • http://www.securityfocus.com/bid/100383 http://www.securitytracker.com/id/1039124 https://bugzilla.mozilla.org/show_bug.cgi?id=1352039 https://www.mozilla.org/security/advisories/mfsa2017-18 •

CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2

If a long user name is used in a username/password combination in a site URL (such as " http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55. Si se emplea un nombre de usuario largo en una combinación nombre de usuario/contraseña en una URL de un sitio (como " http://NombreUsuario:Contraseña@ejemplo.com"), el mensaje modal resultante se mantendrá en un estado sin respuesta o se cerrará inesperadamente, provocando una denegación de servicio (DoS). La vulnerabilidad afecta a Firefox en versiones anteriores a la 55. Mozilla Firefox versions prior to 55 suffer from a long username denial of service vulnerability. • https://www.exploit-db.com/exploits/43020 http://www.securityfocus.com/bid/100401 http://www.securitytracker.com/id/1039124 https://bugzilla.mozilla.org/show_bug.cgi?id=1360842 https://www.mozilla.org/security/advisories/mfsa2017-18 • CWE-20: Improper Input Validation •