Page 243 of 1798 results (0.024 seconds)

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-1942

https://notcve.org/view.php?id=CVE-2016-1942

Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos asistidos por usuario suplantar una subcadena posterior en la barra de direcciones aprovechando lo que pega un usuario de un (1) wyciwyg: URI o (2) resource: URI. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-09.html http://www.securityfocus.com/bid/81948 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1189082 https://security.gentoo.org/glsa/201605-06 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2016-1930 – Mozilla: Miscellaneous memory safety hazards (rv:38.6) (MFSA 2016-01)

https://notcve.org/view.php?id=CVE-2016-1930

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html http://rhn.redhat.com/errata/RHSA-2016-0071.html http://rhn.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0

CVE-2016-1935 – Mozilla: Buffer overflow in WebGL after out of memory allocation (MFSA 2016-03)

https://notcve.org/view.php?id=CVE-2016-1935

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. Desbordamiento de buffer en la función BufferSubData en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permite a atacantes remotos ejecutar código arbitrario a través de contenido WebGL manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html http://rhn.redhat.com/errata/RHSA-2016-0071.html http://rhn.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0

CVE-2015-7575 – TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

https://notcve.org/view.php?id=CVE-2015-7575

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services (NSS) en versiones anteriores a 3.20.2, tal como se utiliza en Mozilla Firefox en versiones anteriores a 43.0.2 y Firefox ESR 38.x en versiones anteriores a 38.5.2, no rechaza las firmas MD5 en mensajes Server Key Exchange en el tráfico de TLS 1.2 Handshake Protocol, lo que facilita a atacantes man-in-the-middle falsificar servidores desencadenando una colisión. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. • http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-01 • CWE-19: Data Processing Errors •

CVSS: 5.0EPSS: 4%CPEs: 6EXPL: 0

CVE-2015-7218

https://notcve.org/view.php?id=CVE-2015-7218

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. La implementación HTTP/2 en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos causar una denegación de servicio (Desbordamiento inferior de entero, fallo de aserción y salida de aplicación) a través de un frame de cabecera de un solo byte que desencadena asignación de memoria incorrecta. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-142.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/103 • CWE-189: Numeric Errors •