Page 42 of 1340 results (0.015 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102. La propiedad del mensaje MediaError debe ser coherente para evitar la filtración de información sobre recursos de origen cruzado; sin embargo, para un recurso de origen cruzado del mismo sitio, el mensaje podría haber filtrado información que permitiera ataques XS-Leaks. Esta vulnerabilidad afecta a Firefox &lt; 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1731614 https://www.mozilla.org/security/advisories/mfsa2022-24 •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97. Al utilizar transformaciones XSL, un servidor web malicioso podría haber entregado a un usuario un documento XSL que continuaría ejecutando JavaScript (dentro de los límites de la política del mismo origen) incluso después de cerrar la pestaña. Esta vulnerabilidad afecta a Firefox &lt; 97. • https://bugzilla.mozilla.org/show_bug.cgi?id=1309630 https://www.mozilla.org/security/advisories/mfsa2022-04 • CWE-672: Operation on a Resource after Expiration or Release •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1721220 https://www.mozilla.org/security/advisories/mfsa2022-24 • CWE-295: Improper Certificate Validation •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. Al entrar y salir del modo de pantalla completa, un objeto gráfico no estaba protegido correctamente; lo que resulta en daños en la memoria y un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735852 https://www.mozilla.org/security/advisories/mfsa2021-52 • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103. Al cargar un script con Subresource Integrity, los atacantes con capacidad de inyección podrían desencadenar la reutilización de entradas previamente almacenadas en caché con metadatos de integridad incorrectos y diferentes. Esta vulnerabilidad afecta a Firefox &lt; 103. • https://bugzilla.mozilla.org/show_bug.cgi?id=1762520 https://www.mozilla.org/security/advisories/mfsa2022-28 •