Page 2 of 2994 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. El objeto WebAudio `OscillatorNode` era susceptible a un desbordamiento de búfer en la región stack de la memoria. Esto podría haber provocado un fallo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871838 https://www.mozilla.org/security/advisories/mfsa2024-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122. En algunas circunstancias, el código compilado JIT podría haber eliminado la referencia a un valor de puntero salvaje. Esto podría haber provocado un fallo explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871089 https://www.mozilla.org/security/advisories/mfsa2024-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9. Un valor de retorno no verificado en el código de protocolo de enlace TLS podría haber causado un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox &lt; 122. The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1867408 https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-13 https://www.mozilla.org/security/advisories/mfsa2024-14 https://access.redhat.com/security/cve/CVE-2024-0743 https:/ • CWE-252: Unchecked Return Value •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Errores de seguridad de la memoria presentes en Firefox 121, Firefox ESR 115.6 y Thunderbird 115.6. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0755 https://bugzilla.redhat.com/show_bug.cgi?id=2259934 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. En configuraciones HSTS específicas, un atacante podría haber omitido HSTS en un subdominio. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7. The Mozilla Foundation Security Advisory describes this flaw as: In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. • https://bugzilla.mozilla.org/show_bug.cgi?id=1870262 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html https://www.mozilla.org/security/advisories/mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-02 https://www.mozilla.org/security/advisories/mfsa2024-04 https://access.redhat.com/security/cve/CVE-2024-0753 https://bugzilla.redhat.com/show_bug.cgi?id=2259933 • CWE-326: Inadequate Encryption Strength •