Page 213 of 1317 results (0.028 seconds)

CVSS: 5.1EPSS: 1%CPEs: 251EXPL: 1

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. Vulnerabilidad de salto de directorio en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10, y SeaMonkey anterior a v2.0.14 en Windows permite a atacantes remotos determinar la existencia de ficheros arbitrarios, y posiblemente cargar recursos mediante vectores que comprenden un recurso: URL. • http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-16.html https://bugzilla.mozilla.org/show_bug.cgi?id=624764 https://oval.cisecurity.org/repository/search/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 2

Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." Google Chrome en versiones anteriores a la 10.0.648.127 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. Relacionado con un "error message leak". • http://code.google.com/p/chromium/issues/detail?id=69187 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mozilla.org/security/announce/2012/mfsa2012-32.html http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://bugzilla.mozilla.org/show_bug.cgi?id=624621 https://exchange.xforce.ibmcloud.com/v • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 20%CPEs: 20EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador de Mozilla Firefox 3.6.x anteriores a la versión 3.6.14 y Thunderbird 3.1.x anteriores a 3.1.8. Permiten a atacantes remotos provocar una denegación de servicio (agotamiento de la memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores sin especificar. • http://downloads.avaya.com/css/P8/documents/100133195 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-01.html http://www.securityfocus.com/bid/46647 https://bugzilla.mozilla.org/show_bug.cgi?id=569384 https://bugzilla.mozilla.org/show_bug.cgi?id=599610 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14409 https:/&#x •

CVSS: 10.0EPSS: 42%CPEs: 238EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.5.17 y v3.6.x antes de v3.6.14, Thunderbird antes de v3.1.8 y SeaMonkey antes de v2.0.12 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://downloads.avaya.com/css/P8/documents/100133195 http://support.avaya.com/css/P8/documents/100128655 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-01.html http://www.redhat.com/support/errata/RHSA-2011-0312.html http://www.redhat.com/support/errata/RHSA-2011-0313.html http://www.securityfocus.com/bid/46645 https://bugzilla.mozilla.org/show_bug.cgi?id=558531 https://bugzilla.mozilla.org/show_bug.cg •

CVSS: 9.3EPSS: 8%CPEs: 149EXPL: 0

Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Desbordamiento de buffer en Mozilla Firefox 3.6.x anteriores a la versión 3.6.14, Thunderbird en versiones anteriores a la 3.1.8 y SeaMonkey anteriores a 2.0.12. Pueden permitir a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de una imagen JPEG modificada. • http://downloads.avaya.com/css/P8/documents/100133195 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-09.html http://www.securityfocus.com/bid/46651 https://bugzilla.mozilla.org/show_bug.cgi?id=610601 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14486 https://access.redhat.com/security/cve/CVE-2011-0061 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •