Page 3 of 691 results (0.015 seconds)

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. El `ShutdownObserver()` era susceptible a un comportamiento potencialmente indefinido debido a su dependencia de un tipo dinámico que carecía de un destructor virtual. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6, Thunderbird &lt;115.6 y Firefox &lt;121. The Mozilla Foundation Security Advisory describes this flaw as: The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. • https://bugzilla.mozilla.org/show_bug.cgi?id=1868901 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advisories/mfsa2023-55 https://www.mozilla.org/security/advisories/mfsa2023-56 https://access.redhat.com/security/cve/CVE-2023-6863 https://bugzilla.redhat.com/show_bug.cgi?id=2255369 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. Se identificó un use after free en `nsDNSService::Init`. Este problema parece manifestarse raramente durante el inicio. • https://bugzilla.mozilla.org/show_bug.cgi?id=1868042 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.debian.org/security/2023/dsa-5582 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advisories/mfsa2023-55 https://access.redhat.com/security/cve/CVE- • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. El método `nsWindow::PickerOpen(void)` era susceptible a un desbordamiento de búfer de almacenamiento dinámico cuando se ejecutaba en modo headless. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6, Thunderbird &lt;115.6 y Firefox &lt;121. The Mozilla Foundation Security Advisory describes this flaw as: The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. • https://bugzilla.mozilla.org/show_bug.cgi?id=1864118 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.debian.org/security/2023/dsa-5582 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advisories/mfsa2023-55 https://www.mozilla.org/security/advisories/mf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. El "VideoBridge" permitía que cualquier proceso de contenido utilizara texturas producidas por decodificadores remotos. Se podría abusar de esto para escapar de la sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1854669 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.debian.org/security/2023/dsa-5582 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advisories/mfsa2023-55 https://www.mozilla.org/security/advisories/mf • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Una condición de use after free afectó la creación de sockets TLS cuando estaba bajo presión de memoria. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6, Thunderbird &lt;115.6 y Firefox &lt;121. The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free condition affected TLS socket creation when under memory pressure. • https://bugzilla.mozilla.org/show_bug.cgi?id=1840144 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.debian.org/security/2023/dsa-5582 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advisories/mfsa2023-55 https://www.mozilla.org/security/advisories/mf • CWE-416: Use After Free •