Page 192 of 1960 results (0.012 seconds)

CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 1

CVE-2017-7807 – Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)

https://notcve.org/view.php?id=CVE-2017-7807

A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Un mecanismo que utiliza AppCache para secuestrar una URL en un dominio utilizando fallback sirviendo los archivos desde una subruta en el dominio. Esto se ha solucionado al requerir que los archivos fallback estén dentro del directorio manifest. • http://www.securityfocus.com/bid/100242 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1376459 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-20: Improper Input Validation CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2017-7762 – Mozilla: address bar username and password spoofing in reader mode

https://notcve.org/view.php?id=CVE-2017-7762

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54. Al acceder a él directamente, Reader Mode no eliminó la sección de nombre de usuario y contraseña de las URL mostradas en la barra de direcciones. Esto puede emplearse para suplantar el dominio de la página actual. • http://www.securityfocus.com/bid/99047 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://bugzilla.mozilla.org/show_bug.cgi?id=1358248 https://www.mozilla.org/security/advisories/mfsa2017-15 https://access.redhat.com/security/cve/CVE-2017-7762 https://bugzilla.redhat.com/show_bug.cgi?id=1590493 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-5471

https://notcve.org/view.php?id=CVE-2017-5471

Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54. Se han reportado errores de seguridad de memoria en Firefox 53. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/99042 http://www.securitytracker.com/id/1038689 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1349604%2C1318645%2C1361098%2C1361100%2C1341026%2C1349421%2C1360852%2C1299147%2C1352073%2C1354853%2C1366446%2C1342181%2C1343069 https://www.mozilla.org/security/advisories/mfsa2017-15 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1

CVE-2017-7764 – Mozilla: Domain spoofing with combination of Canadian Syllabics and other unicode blocks (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7764

Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts.". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Los caracteres del bloque unicode "Canadian Syllabics" pueden mezclarse con caracteres de otros bloques unicode en la barra de direcciones en lugar de ser presentados en su forma "punycode" sin procesar. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1364283 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1

CVE-2017-7754 – Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7754

An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Lectura fuera de límites en WebGL con un objeto "ImageInfo" maliciosamente manipulado durante las operaciones WebGL. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la 52.2. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1357090 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-125: Out-of-bounds Read •