Page 29 of 784 results (0.030 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Cuando un ServiceWorker interceptó una solicitud con <code>FetchEvent</code>, el origen de la solicitud se perdió después de que ServiceWorker tomó posesión de ella. • https://bugzilla.mozilla.org/show_bug.cgi?id=1658869 https://www.mozilla.org/security/advisories/mfsa2022-47 https://www.mozilla.org/security/advisories/mfsa2022-48 https://www.mozilla.org/security/advisories/mfsa2022-49 https://access.redhat.com/security/cve/CVE-2022-45410 https://bugzilla.redhat.com/show_bug.cgi?id=2143203 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Puede ocurrir una lectura fuera de los límites al decodificar video H264. Esto da como resultado un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767360 https://www.mozilla.org/security/advisories/mfsa2022-40 https://www.mozilla.org/security/advisories/mfsa2022-41 https://www.mozilla.org/security/advisories/mfsa2022-42 https://access.redhat.com/security/cve/CVE-2022-3266 https://bugzilla.redhat.com/show_bug.cgi?id=2157739 • CWE-125: Out-of-bounds Read •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Una infracción de la política del mismo origen podría haber permitido el robo de entradas de URL de origen cruzado, filtrando el resultado de una redirección, a través de 'performance.getEntries()'. Esta vulnerabilidad afecta a Firefox &lt; 106, Firefox ESR &lt; 102.4 y Thunderbird &lt; 102.4. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789128 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-45 https://www.mozilla.org/security/advisories/mfsa2022-46 https://access.redhat.com/security/cve/CVE-2022-42927 https://bugzilla.redhat.com/show_bug.cgi?id=2136156 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Si un sitio web se llama 'window.print()' de una manera particular, podría causar una denegación de servicio del navegador, que puede persistir más allá del reinicio del navegador dependiendo de la configuración de restauración de sesión del usuario. Esta vulnerabilidad afecta a Firefox &lt; 106, Firefox ESR &lt; 102.4 y Thunderbird &lt; 102.4. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789439 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-45 https://www.mozilla.org/security/advisories/mfsa2022-46 https://access.redhat.com/security/cve/CVE-2022-42929 https://bugzilla.redhat.com/show_bug.cgi?id=2136158 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Los desarrolladores de Mozilla Ashley Hale y el equipo de Mozilla Fuzzing informaron errores de seguridad de memoria presentes en Firefox 105 y Firefox ESR 102.3. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789729%2C1791363%2C1792041 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-45 https://www.mozilla.org/security/advisories/mfsa2022-46 https://access.redhat.com/security/cve/CVE-2022-42932 https://bugzilla.redhat.com/show_bug.cgi?id=2136159 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •