Page 29 of 664 results (0.017 seconds)

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Una infracción de la política del mismo origen podría haber permitido el robo de entradas de URL de origen cruzado, filtrando el resultado de una redirección, a través de 'performance.getEntries()'. Esta vulnerabilidad afecta a Firefox &lt; 106, Firefox ESR &lt; 102.4 y Thunderbird &lt; 102.4. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789128 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-45 https://www.mozilla.org/security/advisories/mfsa2022-46 https://access.redhat.com/security/cve/CVE-2022-42927 https://bugzilla.redhat.com/show_bug.cgi?id=2136156 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Si un sitio web se llama 'window.print()' de una manera particular, podría causar una denegación de servicio del navegador, que puede persistir más allá del reinicio del navegador dependiendo de la configuración de restauración de sesión del usuario. Esta vulnerabilidad afecta a Firefox &lt; 106, Firefox ESR &lt; 102.4 y Thunderbird &lt; 102.4. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1789439 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-45 https://www.mozilla.org/security/advisories/mfsa2022-46 https://access.redhat.com/security/cve/CVE-2022-42929 https://bugzilla.redhat.com/show_bug.cgi?id=2136158 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Los desarrolladores de Mozilla Ashley Hale y el equipo de Mozilla Fuzzing informaron errores de seguridad de memoria presentes en Firefox 105 y Firefox ESR 102.3. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789729%2C1791363%2C1792041 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-45 https://www.mozilla.org/security/advisories/mfsa2022-46 https://access.redhat.com/security/cve/CVE-2022-42932 https://bugzilla.redhat.com/show_bug.cgi?id=2136159 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. A ciertos tipos de asignaciones les faltaban anotaciones que, si el recolector de elementos no utilizados estaba en un estado específico, podrían haber provocado daños en la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox &lt; 106, Firefox ESR &lt; 102.4 y Thunderbird &lt; 102.4. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1791520 https://www.mozilla.org/security/advisories/mfsa2022-44 https://www.mozilla.org/security/advisories/mfsa2022-45 https://www.mozilla.org/security/advisories/mfsa2022-46 https://access.redhat.com/security/cve/CVE-2022-42928 https://bugzilla.redhat.com/show_bug.cgi?id=2136157 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Al inyectar una cookie con ciertos caracteres especiales, un atacante en un subdominio compartido que no es un contexto seguro podría establecer y, por lo tanto, sobrescribir cookies desde un contexto seguro, lo que provocaría la fijación de sesiones y otros ataques. Esta vulnerabilidad afecta a Firefox ESR &lt; 102.3, Thunderbird &lt; 102.3 y Firefox &lt; 105. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1779993 https://www.mozilla.org/security/advisories/mfsa2022-40 https://www.mozilla.org/security/advisories/mfsa2022-41 https://www.mozilla.org/security/advisories/mfsa2022-42 https://access.redhat.com/security/cve/CVE-2022-40958 https://bugzilla.redhat.com/show_bug.cgi?id=2128794 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision •