NotCVE - vendor:"Mozilla" product:"Firefox" version:" >= 3.0

Page 230 of 2025 results (0.010 seconds)

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0

CVE-2016-2831 – Mozilla: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58)

https://notcve.org/view.php?id=CVE-2016-2831

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 no asegura que el usuario apruebe los ajustes de pantalla completa y pointerlock, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción de UI), o llevar a cabo ataques de clickjacking o de suplantación, a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.debian.org/security/2016/dsa-3600 http://www.mozilla.org/security/announce/2016/mfsa2016-58.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91075 http://www.securitytracker.com/id/1036057 http&# • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

CVE-2016-2822 – Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)

https://notcve.org/view.php?id=CVE-2016-2822

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos suplantar la barra de dirección a través de un elemento SELECT con un menú persistente. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.debian.org/security/2016/dsa-3600 http://www.mozilla.org/security/announce/2016/mfsa2016-52.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91075 http://www.securitytracker.com/id/1036057 http&# • CWE-284: Improper Access Control •

CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0

CVE-2016-0718 – expat: Out-of-bounds heap read on crafted input causing crash

https://notcve.org/view.php?id=CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Expat permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de un documento de entrada mal formado, lo que desencadena un desbordamiento de buffer. An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2810

https://notcve.org/view.php?id=CVE-2016-2810

Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. Mozilla Firefox en versiones anteriores a 46.0 sobre Android en versiones anteriores a 5.0 permite a atacantes eludir requerimientos destinados al acceso Signature a través de una aplicación manipulada que aprovecha permisos content-provider, según lo demostrado por la lectura del historial del navegador o una contraseña guardada. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-41.html http://www.securitytracker.com/id/1035692 https://bugzilla.mozilla.org/show_bug.cgi?id=1229681 https://security.gentoo.org/glsa/201701-15 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2813

https://notcve.org/view.php?id=CVE-2016-2813

Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. Mozilla Firefox en versiones anteriores a 46.0 sobre Android no restringe adecuadamente el acceso JavaScript a datos de orientation y motion, lo que permite a atacantes remotos obtener información sensible sobre el entorno de un dispositivo físico, y posiblemente descubrir valores de PIN, a través de un sitio web manipulado, un problema similar a CVE-2016-1780. • http://dl.acm.org/citation.cfm?id=2714650 http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-43.html http://www.securitytracker.com/id/1035692 https://bugzilla.mozilla.org/show_bug.cgi?id=1197901 https://security.gentoo.org/glsa/201701-15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1...228 229 230 231 232