Page 374 of 2504 results (0.008 seconds)

CVSS: 6.8EPSS: 0%CPEs: 206EXPL: 0

CVE-2011-2605 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)

https://notcve.org/view.php?id=CVE-2011-2605

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. Inyección CRLF en la función nsCookieService::SetCookieStringInternal en netwerk/cookie/nsCookieService.cpp de Mozilla Firefox antes de v3.6.18 y v4.x hasta 4.0.1 y Thunderbird antes de v3.1.11, permite a atacantes remotos evitar las restricciones de acceso a través de una cadena que contiene un carácter \n (nueva línea) , que no se maneja en una expresion "document.cookie =" de JavaScript es una vulnerabilidad diferente a CVE-2011-2374. • http://www.mozilla.org/security/announce/2011/mfsa2011-19.html http://www.redhat.com/support/errata/RHSA-2011-0885.html http://www.redhat.com/support/errata/RHSA-2011-0886.html http://www.redhat.com/support/errata/RHSA-2011-0887.html http://www.redhat.com/support/errata/RHSA-2011-0888.html https://bugzilla.mozilla.org/show_bug.cgi?id=643051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14401 https://access.redhat.com/security/cve/CVE-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 1

CVE-2011-2598

https://notcve.org/view.php?id=CVE-2011-2598

The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory. La implementación de WebGL en Mozilla Firefox v4.x permite a atacantes remotos obtener imágenes de las ventanas de las aplicaciones de escritorio de su elección a través de vectores que implican un filtro SVG, un elemento IFRAME, y los datos sin inicializar en la memoria de gráficos. • http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue http://www.contextis.com/resources/blog/webgl2 http://www.securityfocus.com/bid/48319 http://www.theregister.co.uk/2011/06/16/webgl_security_threats_redux https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14207 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 1%CPEs: 225EXPL: 2

CVE-2011-2366

https://notcve.org/view.php?id=CVE-2011-2366

Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. Mozilla Gecko usado en Firefox v5.0 y Thunderbird antes de v5.0, no bloquea el uso de una imagen como textura WebGL en dominios cruzados, lo que permite a atacantes remotos obtener copias aproximadas de imágenes arbitrarias mediante un ataque de temporizacion mediante la participación de un fragmento sombreado manipulado en WebGL. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-March/030882.html http://www.contextis.co.uk/resources/blog/webgl http://www.mozilla.org/security/announce/2011/mfsa2011-25.html https://bugzilla.mozilla.org/show_bug.cgi?id=655987 https://bugzilla.mozilla.org/show_bug.cgi?id=656277 https://bugzilla.mozilla.org/show_bug.cgi?id=659349 https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures https: • CWE-20: Improper Input Validation •

CVSS: 6.4EPSS: 0%CPEs: 14EXPL: 0

CVE-2011-2367

https://notcve.org/view.php?id=CVE-2011-2367

The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors. La implementación de WebGL en Mozilla Firefox v4.x hasta v4.0.1 no restringe bien las operaciones de lectura, lo que permite a atacantes remotos obtener información sensible de la memoria de la GPU asociada con un proceso arbitrario o causar una denegación de servicio (caída de aplicación ), a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://www.mozilla.org/security/announce/2011/mfsa2011-26.html https://bugzilla.mozilla.org/show_bug.cgi?id=656752 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14302 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 3%CPEs: 14EXPL: 0

CVE-2011-2368

https://notcve.org/view.php?id=CVE-2011-2368

The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. La implementación de WebGL en Mozilla Firefox v4.x hasta v4.0.1 no restringe correctamente las operaciones de escritura, lo que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://www.mozilla.org/security/announce/2011/mfsa2011-26.html https://bugzilla.mozilla.org/show_bug.cgi?id=657201 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13912 • CWE-264: Permissions, Privileges, and Access Controls •