Page 33 of 258 results (0.017 seconds)

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. Al visitar listados de directorios para URL `chrome://` como texto fuente, se reflejaron algunos parámetros. Esta vulnerabilidad afecta a Firefox ESR &lt; 102.1, Firefox ESR &lt; 91.12, Firefox &lt; 103, Thunderbird&lt; 102.1 y Thunderbird &lt; 91.12. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1771774 https://www.mozilla.org/security/advisories/mfsa2022-28 https://www.mozilla.org/security/advisories/mfsa2022-29 https://www.mozilla.org/security/advisories/mfsa2022-30 https://www.mozilla.org/security/advisories/mfsa2022-31 https://www.mozilla.org/security/advisories/mfsa2022-32 https://access.redhat.com/security/cve/CVE-2022-36318 https://bugzilla.redhat.com/show_bug.cgi?id=2111908 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. • https://bugzilla.mozilla.org/show_bug.cgi?id=1775441 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-2226 https://bugzilla.redhat.com/show_bug.cgi?id=2102204 • CWE-294: Authentication Bypass by Capture-replay CWE-357: Insufficient UI Warning of Dangerous Operations •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Un iframe al que no se le permitía ejecutar scripts podría hacerlo si el usuario hacía clic en un enlace <code>javascript:</code>. Esta vulnerabilidad afecta a Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102 y Thunderbird &lt; 91.11. The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a `javascript:` link. • https://bugzilla.mozilla.org/show_bug.cgi?id=1768537 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34468 https://bugzilla.redhat.com/show_bug.cgi?id=2102163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Si hubiera una URL de PAC configurada y no se pudiera acceder al servidor que aloja el PAC, las solicitudes de OCSP se habrían bloqueado, lo que provocaría que se mostraran páginas de error incorrectas. Esta vulnerabilidad afecta a Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102 y Thunderbird &lt; 91.11. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770123 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34472 https://bugzilla.redhat.com/show_bug.cgi?id=2102166 • CWE-393: Return of Wrong Status Code •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. En la función <code>nsTArray_Impl::ReplaceElementsAt()</code>, podría haber ocurrido un desbordamiento de enteros cuando la cantidad de elementos a reemplazar era demasiado grande para el contenedor. Esta vulnerabilidad afecta a Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102 y Thunderbird &lt; 91.11. The Mozilla Foundation Security Advisory describes this flaw as: In the `nsTArray_Impl::ReplaceElementsAt()` function, where an integer overflow could occur when the number of elements to replace was too large for the container. • https://bugzilla.mozilla.org/show_bug.cgi?id=1497246 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34481 https://bugzilla.redhat.com/show_bug.cgi?id=2102164 • CWE-190: Integer Overflow or Wraparound •