Page 35 of 1313 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Los desarrolladores de Mozilla, Andrew McCreight, Nicolas B. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31747 https://bugzilla.redhat.com/show_bug.cgi?id=2092026 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. En arm64, el código WASM podría haber dado lugar a una generación de ensamblaje incorrecta, lo que provocó un problema de asignación de registros y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird &lt; 91.10, Firefox &lt; 101 y Firefox ESR &lt; 91.10. The Mozilla Foundation Security Advisory describes this flaw as: On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1766806 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31740 https://bugzilla.redhat.com/show_bug.cgi?id=2092023 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Un mensaje CMS manipulado podría haberse procesado incorrectamente, lo que habría provocado una lectura de memoria no válida y, potencialmente, una mayor corrupción de la memoria. Esta vulnerabilidad afecta a Thunderbird &lt; 91.10, Firefox &lt; 101 y Firefox ESR &lt; 91.10. The Mozilla Foundation Security Advisory describes this flaw as: A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767590 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31741 https://bugzilla.redhat.com/show_bug.cgi?id=2092024 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Al salir del modo de pantalla completa, un iframe podría haber confundido al navegador sobre el estado actual de la pantalla completa, lo que podría generar confusión en el usuario o ataques de suplantación de identidad. Esta vulnerabilidad afecta a Thunderbird &lt; 91.10, Firefox &lt; 101 y Firefox ESR &lt; 91.10. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1756388 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31738 https://bugzilla.redhat.com/show_bug.cgi?id=2092021 • CWE-290: Authentication Bypass by Spoofing CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Una página web maliciosa podría haber provocado una escritura fuera de los límites en WebGL, lo que habría provocado daños en la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird &lt; 91.10, Firefox &lt; 101 y Firefox ESR &lt; 91.10. The Mozilla Foundation Security Advisory describes this flaw as: A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1743767 https://www.mozilla.org/security/advisories/mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-22 https://access.redhat.com/security/cve/CVE-2022-31737 https://bugzilla.redhat.com/show_bug.cgi?id=2092019 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •