Page 34 of 638 results (0.010 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-31736 – Mozilla: Cross-Origin resource's length leaked

https://notcve.org/view.php?id=CVE-2022-31736

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Un sitio web malicioso podría haber aprendido el tamaño de un recurso de origen cruzado que admitiera solicitudes de rango. Esta vulnerabilidad afecta a Thunderbird &lt; 91.10, Firefox &lt; 101 y Firefox ESR &lt; 91.10. The Mozilla Foundation Security Advisory describes this flaw as: A malicious website that could have learned the size of a cross-origin resource that supported Range requests. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735923 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31736 https://bugzilla.redhat.com/show_bug.cgi?id=2092018 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-31737 – Mozilla: Heap buffer overflow in WebGL

https://notcve.org/view.php?id=CVE-2022-31737

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Una página web maliciosa podría haber provocado una escritura fuera de los límites en WebGL, lo que habría provocado daños en la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird &lt; 91.10, Firefox &lt; 101 y Firefox ESR &lt; 91.10. The Mozilla Foundation Security Advisory describes this flaw as: A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1743767 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31737 https://bugzilla.redhat.com/show_bug.cgi?id=2092019 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-31738 – Mozilla: Browser window spoof using fullscreen mode

https://notcve.org/view.php?id=CVE-2022-31738

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Al salir del modo de pantalla completa, un iframe podría haber confundido al navegador sobre el estado actual de la pantalla completa, lo que podría generar confusión en el usuario o ataques de suplantación de identidad. Esta vulnerabilidad afecta a Thunderbird &lt; 91.10, Firefox &lt; 101 y Firefox ESR &lt; 91.10. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1756388 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31738 https://bugzilla.redhat.com/show_bug.cgi?id=2092021 • CWE-290: Authentication Bypass by Spoofing CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-31740 – Mozilla: Register allocation problem in WASM on arm64

https://notcve.org/view.php?id=CVE-2022-31740

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. En arm64, el código WASM podría haber dado lugar a una generación de ensamblaje incorrecta, lo que provocó un problema de asignación de registros y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird &lt; 91.10, Firefox &lt; 101 y Firefox ESR &lt; 91.10. The Mozilla Foundation Security Advisory describes this flaw as: On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1766806 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31740 https://bugzilla.redhat.com/show_bug.cgi?id=2092023 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-31741 – Mozilla: Uninitialized variable leads to invalid memory read

https://notcve.org/view.php?id=CVE-2022-31741

A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Un mensaje CMS manipulado podría haberse procesado incorrectamente, lo que habría provocado una lectura de memoria no válida y, potencialmente, una mayor corrupción de la memoria. Esta vulnerabilidad afecta a Thunderbird &lt; 91.10, Firefox &lt; 101 y Firefox ESR &lt; 91.10. The Mozilla Foundation Security Advisory describes this flaw as: A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767590 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31741 https://bugzilla.redhat.com/show_bug.cgi?id=2092024 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •