Page 229 of 1524 results (0.010 seconds)

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

CVE-2016-2822 – Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)

https://notcve.org/view.php?id=CVE-2016-2822

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos suplantar la barra de dirección a través de un elemento SELECT con un menú persistente. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.debian.org/security/2016/dsa-3600 http://www.mozilla.org/security/announce/2016/mfsa2016-52.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91075 http://www.securitytracker.com/id/1036057 http&# • CWE-284: Improper Access Control •

CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0

CVE-2016-0718 – expat: Out-of-bounds heap read on crafted input causing crash

https://notcve.org/view.php?id=CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Expat permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de un documento de entrada mal formado, lo que desencadena un desbordamiento de buffer. An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2810

https://notcve.org/view.php?id=CVE-2016-2810

Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. Mozilla Firefox en versiones anteriores a 46.0 sobre Android en versiones anteriores a 5.0 permite a atacantes eludir requerimientos destinados al acceso Signature a través de una aplicación manipulada que aprovecha permisos content-provider, según lo demostrado por la lectura del historial del navegador o una contraseña guardada. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-41.html http://www.securitytracker.com/id/1035692 https://bugzilla.mozilla.org/show_bug.cgi?id=1229681 https://security.gentoo.org/glsa/201701-15 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2813

https://notcve.org/view.php?id=CVE-2016-2813

Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. Mozilla Firefox en versiones anteriores a 46.0 sobre Android no restringe adecuadamente el acceso JavaScript a datos de orientation y motion, lo que permite a atacantes remotos obtener información sensible sobre el entorno de un dispositivo físico, y posiblemente descubrir valores de PIN, a través de un sitio web manipulado, un problema similar a CVE-2016-1780. • http://dl.acm.org/citation.cfm?id=2714650 http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-43.html http://www.securitytracker.com/id/1035692 https://bugzilla.mozilla.org/show_bug.cgi?id=1197901 https://security.gentoo.org/glsa/201701-15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.8EPSS: 2%CPEs: 2EXPL: 0

CVE-2016-2809

https://notcve.org/view.php?id=CVE-2016-2809

The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. El actualizador Mozilla Maintenance Service en Mozilla Firefox en versiones anteriores a 46.0 sobre Windows permite a atacantes remotos asistidos por usuario eliminar archivos arbitrarios aprovechando la ejecución de un determinado archivo local. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-40.html http://www.securitytracker.com/id/1035692 https://bugzilla.mozilla.org/show_bug.cgi?id=1212939 https://security.gentoo.org/glsa/201701-15 • CWE-264: Permissions, Privileges, and Access Controls •