Page 195 of 995 results (0.018 seconds)

CVSS: 7.5EPSS: 95%CPEs: 3EXPL: 1

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. La implementación de SVG en Mozilla Firefox v8.0, Thunderbird v8.0, y SeaMonkey v2.6, no interactua correctamente con los manejadores de eventos DOMAttrModified, lo que permite a atacantes remotos provocar una denegación de servicio (acceso fuera de límites de memoria) o posiblemente tener otro impacto no especificado a través de vectores que implican la eliminación de elementos SVG. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of nsSVGValue observers. A certain method call can be made to loop excessively causing an out-of-bounds memory access. • https://www.exploit-db.com/exploits/18847 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://osvdb.org/77953 http://secunia.com/advisories/47302 http://secunia.com/advisories/47334 http://secunia.com/advisories/48495 http://secunia.com/advisories/48553 http://secunia.com/advisories/48823 http://secunia.com/advi • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 0%CPEs: 25EXPL: 0

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. Mozilla Firefox 4.x hasta la 7.0 y Thunderbird 5.0 hasta la 7.0 realizan el control de acceso sin comprobar el uso del "wrapper" NoWaiverWrapper, lo que permite a atacantes remotos escalar privilegios a través de un sitio web modificado. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html http://secunia.com/advisories/49055 http://www.mozilla.org/security/announce/2011/mfsa2011-52.html https://bugzilla.mozilla.org/show_bug.cgi?id=672182 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14202 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 7%CPEs: 252EXPL: 0

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. El motor del navegador de Mozilla Firefox hasta la versión 8.0 y Thunderbird hasta la 8.0 no maneja apropiadamente los enlaces de elemento mpath SVG a elementos non-SVG, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores sin especificar. • http://secunia.com/advisories/49055 http://www.mozilla.org/security/announce/2011/mfsa2011-48.html https://bugzilla.mozilla.org/show_bug.cgi?id=694953 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13830 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 222EXPL: 0

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures. Mozilla Firefox en versiones anteriores a la 8.0 y Thunderbird anteriores a la 8.0 en Mac OS X no interactúan apropiadamente con el comportamiento de memoria GPU de determinados controladores de GPUs integradas Intel, lo que permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy ") y leer datos de imágenes a través de vectores relacionados con texturas WebGL. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html http://www.mozilla.org/security/announce/2011/mfsa2011-51.html https://bugzilla.mozilla.org/show_bug.cgi?id=684882 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 63%CPEs: 2EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v7.0 y Thunderbird v7.0 permiten a atacantes remotos provocar una denegación de servicio (por corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html http://secunia.com/advisories/49055 http://www.mozilla.org/security/announce/2011/mfsa2011-48.html https://bugzilla.mozilla.org/show_bug.cgi?id=646968 https://bugzilla.mozilla.org/show_bug.cgi?id=652054 https://bugzilla.mozilla.org/show_bug.cgi?id=665070 https://bugzilla.mozilla.org/show_bug.cgi?id=671160 https://bugzilla.mozilla.org/show_bug.cgi? •