Page 22 of 200 results (0.003 seconds)

CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg000 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 3%CPEs: 9EXPL: 0

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. Mozilla Firefox en versiones anteriores a 43.0 no almacena adecuadamente las propiedades de objetos unboxed, lo que permite a atacantes remotos ejecutar código arbitrario a través de asignaciones de variable JavaScript manipuladas. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-135.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-17: DEPRECATED: Code •

CVSS: 7.5EPSS: 5%CPEs: 15EXPL: 0

Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. Vulnerabilidad de uso después de liberación de memoria en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos ejecutar código arbitrario desencadenando el intento de uso de un canal de datos que ha sido cerrado mediante una función WebRTC. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-416: Use After Free •

CVSS: 7.5EPSS: 4%CPEs: 15EXPL: 0

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. Desbordamiento de entero en la función mozilla::layers::BufferTextureClient::AllocateForSurface en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos ejecutar código arbitrario desencadenando una operación de gráficos que requiere una gran asignación de textura. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 5%CPEs: 15EXPL: 0

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. Desbordamiento de entero en la función MPEG4Extractor::readMetaData en MPEG4Extractor.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 en plataformas 64-bit permite a atacantes remotos ejecutar código arbitrario a través de un archivo de vídeo MP4 manipulado que desencadena un desbordamiento de buffer. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •