Page 243 of 1901 results (0.021 seconds)

CVSS: 10.0EPSS: 4%CPEs: 4EXPL: 0

CVE-2016-1946

https://notcve.org/view.php?id=CVE-2016-1946

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata. La función MoofParser::Metadata en binding/MoofParser.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 44.0 no limita el tamaño de las operaciones de lectura, lo que podría permitir a atacantes remotos causar una denegación de servicio (desbordamiento de entero y desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de metadatos manipulados. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-10.html http://www.securityfocus.com/bid/81950 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1232069 https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-1942

https://notcve.org/view.php?id=CVE-2016-1942

Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos asistidos por usuario suplantar una subcadena posterior en la barra de direcciones aprovechando lo que pega un usuario de un (1) wyciwyg: URI o (2) resource: URI. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-09.html http://www.securityfocus.com/bid/81948 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1189082 https://security.gentoo.org/glsa/201605-06 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2016-1930 – Mozilla: Miscellaneous memory safety hazards (rv:38.6) (MFSA 2016-01)

https://notcve.org/view.php?id=CVE-2016-1930

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html http://rhn.redhat.com/errata/RHSA-2016-0071.html http://rhn.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0

CVE-2016-1935 – Mozilla: Buffer overflow in WebGL after out of memory allocation (MFSA 2016-03)

https://notcve.org/view.php?id=CVE-2016-1935

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. Desbordamiento de buffer en la función BufferSubData en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permite a atacantes remotos ejecutar código arbitrario a través de contenido WebGL manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html http://rhn.redhat.com/errata/RHSA-2016-0071.html http://rhn.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0

CVE-2015-7575 – TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

https://notcve.org/view.php?id=CVE-2015-7575

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services (NSS) en versiones anteriores a 3.20.2, tal como se utiliza en Mozilla Firefox en versiones anteriores a 43.0.2 y Firefox ESR 38.x en versiones anteriores a 38.5.2, no rechaza las firmas MD5 en mensajes Server Key Exchange en el tráfico de TLS 1.2 Handshake Protocol, lo que facilita a atacantes man-in-the-middle falsificar servidores desencadenando una colisión. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. • http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-01 • CWE-19: Data Processing Errors •