Page 34 of 1317 results (0.035 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. En la función <code>nsTArray_Impl::ReplaceElementsAt()</code>, podría haber ocurrido un desbordamiento de enteros cuando la cantidad de elementos a reemplazar era demasiado grande para el contenedor. Esta vulnerabilidad afecta a Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102 y Thunderbird &lt; 91.11. The Mozilla Foundation Security Advisory describes this flaw as: In the `nsTArray_Impl::ReplaceElementsAt()` function, where an integer overflow could occur when the number of elements to replace was too large for the container. • https://bugzilla.mozilla.org/show_bug.cgi?id=1497246 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34481 https://bugzilla.redhat.com/show_bug.cgi?id=2102164 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Un sitio web malicioso que podría crear una ventana emergente podría haber cambiado el tamaño de la ventana emergente para superponer la barra de direcciones con su propio contenido, lo que podría generar confusión en el usuario o ataques de suplantación de identidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1745595 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34479 https://bugzilla.redhat.com/show_bug.cgi?id=2102161 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Si un atacante corrompiera el prototipo de un objeto, habría podido establecer atributos no deseados en un objeto JavaScript, lo que habría llevado a la ejecución de código privilegiado. Esta vulnerabilidad afecta a Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102 y Thunderbird &lt; 91.11. The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1771381 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-2200 https://bugzilla.redhat.com/show_bug.cgi?id=2102168 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. El equipo Mozilla Fuzzing informó sobre posibles vulnerabilidades presentes en Thunderbird 91.10. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34484 https://bugzilla.redhat.com/show_bug.cgi?id=2102169 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Las navegaciones del historial de sesiones pueden haber provocado un bloqueo de use-after-free y potencialmente explotable. Esta vulnerabilidad afecta a Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102 y Thunderbird &lt; 91.11. The Mozilla Foundation Security Advisory describes this flaw as: Session history navigations may have led to a use-after-free and potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1765951 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34470 https://bugzilla.redhat.com/show_bug.cgi?id=2102162 • CWE-416: Use After Free •