Page 232 of 1936 results (0.017 seconds)

CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 0

CVE-2016-2811

https://notcve.org/view.php?id=CVE-2016-2811

Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method. Vulnerabilidad de uso después de liberación de memoria en la clase ServiceWorkerInfo en el subsistema Service Worker en Mozilla Firefox en versiones anteriores a 46.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el método BeginReading. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-42.html http://www.securitytracker.com/id/1035692 http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://www.ubuntu.com/usn/USN-2936-3 https://bugzilla.mozilla.org/show_bug.cgi?id=1252330 https://security.gentoo.org/glsa/201701-15 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-2816

https://notcve.org/view.php?id=CVE-2016-2816

Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. Mozilla Firefox en versiones anteriores a 46.0 permite a atacantes remotos eludir el mecanismo de protección Content Security Policy (CSP) a través del tipo de contenido multipart/x-mixed-replace. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-45.html http://www.securitytracker.com/id/1035692 http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://www.ubuntu.com/usn/USN-2936-3 https://bugzilla.mozilla.org/show_bug.cgi?id=1223743 https://security.gentoo.org/glsa/201701-15 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0

CVE-2016-2808 – Mozilla: Write to invalid HashMap entry through JavaScript.watch() (MFSA 2016-47)

https://notcve.org/view.php?id=CVE-2016-2808

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. La implementación de watch en el motor JavaScript en Mozilla Firefox en versiones anteriores a 46.0, Firefox ESR 38.x en versiones anteriores a 38.8 y Firefox ESR 45.x en versiones anteriores a 45.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de generación de contador, acceso a escritura en HashMap fuera de límites y caída de aplicación) a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://rhn.redhat.com/errata/RHSA-2016-0695.html http://www.debian.org/security/2016/dsa-3559 http://www.mozilla.org/security/ann • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 16%CPEs: 17EXPL: 0

CVE-2016-2814 – Mozilla: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44)

https://notcve.org/view.php?id=CVE-2016-2814

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. Desbordamiento de buffer basado en memoria dinámica en la función stagefright::SampleTable::parseSampleCencInfo en libstagefright en Mozilla Firefox en versiones anteriores a 46.0, Firefox ESR 38.x en versiones anteriores a 38.8 y Firefox ESR 45.x en versiones anteriores a 45.1 permite a atacantes remotos ejecutar código arbitrario a través de desplazamientos CENC manipulados que conducen a administración incorrecta de la tabla de tamaños • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://rhn.redhat.com/errata/RHSA-2016-0695.html http://www.debian.org/security/2016/dsa-3559 http://www.mozilla.org/security/ann • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 21EXPL: 0

CVE-2016-2807 – Mozilla: Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) (MFSA 2016-39)

https://notcve.org/view.php?id=CVE-2016-2807

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 46.0, Firefox ESR 38.x en versiones anteriores a 38.8 y Firefox ESR 45.x en versiones anteriores a 45.1 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-07 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •