Page 235 of 1901 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-1955

https://notcve.org/view.php?id=CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. Mozilla Firefoz en versiones anteriores a 45.0 permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible leyendo un informe de violación de Content Security Policy (CSP) que contiene información de ruta asociada con un elemento IFRAME. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html http://www.mozilla.org/security/announce/2016/mfsa2016-18.html http://www.securitytracker.com/id/1035215 http://www.ubuntu.com&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 1%CPEs: 6EXPL: 0

CVE-2016-1956

https://notcve.org/view.php?id=CVE-2016-1956

Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. Mozilla Firefox en versiones anteriores a 45.0 en Linux, cuando se utiliza un controlador de video Intel, permite a atacantes remotos causar una denegación de servicio (consumo de la memoria o corrupción de la memoria de pila) desencadenando el uso de un sombreador WebGL." • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html http://www.mozilla.org/security/announce/2016/mfsa2016-19.html http://www.securitytracker.com/id/1035215 http://www.ubuntu.com&# • CWE-399: Resource Management Errors •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1967

https://notcve.org/view.php?id=CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207. Mozilla Firefox en versiones anteriores a 45.0 no restringe correctamente la disponibilidad de los tiempos de la API IFRAME Resource Timing, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible a través de código JavaScript manipulado que se aprovecha de las llamadas history.back y performance.getEntries después de restaurar una sesión del navegador. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-7207. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://www.mozilla.org/security/announce/2016/mfsa2016-29.html http://www.securitytracker.com/id/1035215 http://www.ubuntu.com/usn/USN-2917-1 http://www.ubuntu.com/usn/USN-2917-2 http://www.ubuntu.com/usn/USN-2917-3 https://bugzilla.mozilla.org/show_bug.cgi?id=1246956 https://security.gentoo.org/glsa/201605-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1963

https://notcve.org/view.php?id=CVE-2016-1963

The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. La clase FileReader en Mozilla Firefox en versiones anteriores a 45.0 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través del cambio de archivo durante una operación de lectura de la API FileReader. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://www.mozilla.org/security/announce/2016/mfsa2016-26.html http://www.securitytracker.com/id/1035215 http://www.ubuntu.com/usn/USN-2917-1 http://www.ubuntu.com/usn/USN-2917-2 http://www.ubuntu.com/usn/USN-2917-3 https://bugzilla.mozilla.org/show_bug.cgi?id=1238440 https://security.gentoo.org/glsa/201605-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8EPSS: 5%CPEs: 22EXPL: 0

CVE-2016-2798 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)

https://notcve.org/view.php?id=CVE-2016-2798

The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. La función graphite2::GlyphCache::Loader::Loader en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos causar una denegación de servicio (sobre lectura de buffer) o posiblemente tener otro impacto no especificado a través de una fuente inteligente Graphite manipulada. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •