Page 44 of 2526 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. El término de búsqueda podría haberse especificado externamente para activar la inyección SQL. Esta vulnerabilidad afecta a Firefox para iOS &lt; 101. • https://bugzilla.mozilla.org/show_bug.cgi?id=1767205 https://www.mozilla.org/security/advisories/mfsa2022-23 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. • https://bugzilla.mozilla.org/show_bug.cgi?id=1743931 https://www.mozilla.org/security/advisories/mfsa2022-04 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. Al descargar una actualización para un complemento, no se verificó que la versión de la actualización del complemento descargada coincidiera con la versión seleccionada en el manifiesto. Si el manifiesto hubiera sido manipulado en el servidor, un atacante podría engañar al navegador para que degradara el complemento a una versión anterior. • https://bugzilla.mozilla.org/show_bug.cgi?id=1766047 https://www.mozilla.org/security/advisories/mfsa2022-24 •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. Incluso cuando un iframe estaba protegido con <code>allow-top-navigation-by-user-activation</code>, si recibía un encabezado de redireccionamiento a un protocolo externo, el navegador procesaría el redireccionamiento y avisaría al usuario según corresponda. Esta vulnerabilidad afecta a Firefox &lt; 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1677138 https://www.mozilla.org/security/advisories/mfsa2022-24 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.<br />*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vulnerability affects Firefox < 107. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1584674%2C1791152%2C1792241%2C1792984%2C1793127%2C1794645 https://www.mozilla.org/security/advisories/mfsa2022-47 • CWE-787: Out-of-bounds Write •