Page 34 of 772 results (0.016 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Si un atacante corrompiera el prototipo de un objeto, habría podido establecer atributos no deseados en un objeto JavaScript, lo que habría llevado a la ejecución de código privilegiado. Esta vulnerabilidad afecta a Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102 y Thunderbird &lt; 91.11. The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1771381 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-2200 https://bugzilla.redhat.com/show_bug.cgi?id=2102168 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. El equipo Mozilla Fuzzing informó sobre posibles vulnerabilidades presentes en Thunderbird 91.10. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34484 https://bugzilla.redhat.com/show_bug.cgi?id=2102169 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Las navegaciones del historial de sesiones pueden haber provocado un bloqueo de use-after-free y potencialmente explotable. Esta vulnerabilidad afecta a Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102 y Thunderbird &lt; 91.11. The Mozilla Foundation Security Advisory describes this flaw as: Session history navigations may have led to a use-after-free and potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1765951 https://www.mozilla.org/security/advisories/mfsa2022-24 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-34470 https://bugzilla.redhat.com/show_bug.cgi?id=2102162 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101. Un atacante podría haber inyectado CSS en hojas de estilo accesibles a través de URI internos, como recurso:, y al hacerlo eludir la Política de seguridad de contenido de una página. Esta vulnerabilidad afecta a Firefox ESR &lt; 91.11, Thunderbird &lt; 102, Thunderbird&lt; 91.11 y Firefox &lt; 101. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1757604 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-25 https://www.mozilla.org/security/advisories/mfsa2022-26 https://access.redhat.com/security/cve/CVE-2022-31744 https://bugzilla.redhat.com/show_bug.cgi?id=2102165 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767816 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-1834 https://bugzilla.redhat.com/show_bug.cgi?id=2092416 • CWE-295: Improper Certificate Validation CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •