NotCVE - vendor:"Mozilla" product:"Firefox" version:"

Page 243 of 2518 results (0.012 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-1940

https://notcve.org/view.php?id=CVE-2016-1940

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing. Mozilla Firefox en versiones anteriores a 44.0 en Android permite a atacantes remotos suplantar la barra de direcciones a través de un data: URL que se maneja incorrectamente durante el procesamiento de (1) la apertura de un acceso directo o (2) un BOOKMARK intent. • http://www.mozilla.org/security/announce/2016/mfsa2016-05.html http://www.securitytracker.com/id/1034825 https://bugzilla.mozilla.org/show_bug.cgi?id=1208525 https://security.gentoo.org/glsa/201605-06 • CWE-17: DEPRECATED: Code •

CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-1943

https://notcve.org/view.php?id=CVE-2016-1943

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. Mozilla Firefox en versiones anteriores a 44.0 en Android permite a atacantes remotos suplantar la barra de direcciones a través del método scrollTo. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-09.html http://www.securityfocus.com/bid/81948 http://www.securitytracker.com/id/1034825 https://bugzilla.mozilla.org/show_bug.cgi?id=1228590 https://security.gentoo.org/glsa/201605-06 • CWE-17: DEPRECATED: Code •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-1948

https://notcve.org/view.php?id=CVE-2016-1948

Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream. Mozilla Firefox en versiones anteriores a 44.0 en Android no asegura que se utiliza HTTPS para una instalación lightweight-theme, lo que permite a atacantes man-in-the-middle reemplazar imágenes y colores de un tema modificando el flujo de datos cliente-servidor. • http://www.mozilla.org/security/announce/2016/mfsa2016-12.html http://www.securitytracker.com/id/1034825 https://bugzilla.mozilla.org/show_bug.cgi?id=1235876 https://security.gentoo.org/glsa/201605-06 • CWE-310: Cryptographic Issues •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-1938

https://notcve.org/view.php?id=CVE-2016-1938

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. La función s_mp_div en lib/freebl/mpi/mpi.c en Mozilla Network Security Services (NSS) en versiones anteriores a 3.21, como se utiliza en Mozilla Firefox en versiones anteriores a 44.0, no divide adecuadamente números, lo que podría hacer mas fácil para atacantes remotos vencer el mecanismo de protección criptográfico mediante el aprovechamiento del uso de la función (1) mp_div o (2) mp_exptmod. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html http://www.debian.org/security/2016/dsa-3688 http://www.mozilla.org/security/announce/2016/mfsa2016-07.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/81955 http://www.securityfocus.com/bid/91787 http:/&#x • CWE-310: Cryptographic Issues •

CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0

CVE-2016-1931

https://notcve.org/view.php?id=CVE-2016-1931

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 44.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores relacionados con memoria sin inicializar encontrados durante la compresión de datos brotli y otros vectores. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-01.html http://www.securityfocus.com/bid/81953 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1180064 https://bugzilla.mozilla.org/show_bug.cgi?id=1186973 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

1...241 242 243 244 245