Page 46 of 237 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Cuando se interactúa con el diálogo del selector de archivos de un elemento de entrada HTML con webkitdirectory configurado, podría haberse producido un uso de memoria previamente liberada, conllevando a una corrupción de memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 94, Thunderbird versiones anteriores a 91.3 y Firefox ESR versiones anteriores a 91.3 The Mozilla Foundation Security Advisory describes this flaw as: When interacting with an HTML input element's file picker dialog with `webkitdirectory` set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730156 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 • CWE-416: Use After Free •

CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Al mostrar un mensaje de comprobación del formulario en la ubicación correcta al mismo tiempo que una solicitud de permiso (como para la geolocalización), el mensaje de comprobación podría haber ocultado la solicitud, resultando en que el usuario podría ser engañado para conceder el permiso. Esta vulnerabilidad afecta a Firefox versiones anteriores a 94, Thunderbird versiones anteriores a 91.3 y Firefox ESR versiones anteriores a 91.3 • https://bugzilla.mozilla.org/show_bug.cgi?id=1366818 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Debido a una secuencia inusual de eventos controlados por el atacante, un diálogo Javascript alert() con contenido arbitrario (aunque sin estilo) podría mostrarse encima de una página web no controlada de la elección del atacante. Esta vulnerabilidad afecta a Firefox versiones anteriores a 94, Thunderbird versiones anteriores a 91.3 y Firefox ESR versiones anteriores a 91.3 • https://bugzilla.mozilla.org/show_bug.cgi?id=1718571 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Las reglas del sandbox de iframe no se aplicaban correctamente a las hojas de estilo XSLT, permitiendo a un iframe omitir restricciones como la ejecución de scripts o la navegación por el marco de nivel superior. Esta vulnerabilidad afecta a Firefox versiones anteriores a 94, Thunderbird versiones anteriores a 91.3 y Firefox ESR versiones anteriores a 91.3 The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. • https://bugzilla.mozilla.org/show_bug.cgi?id=1729517 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Mediante de una serie de navegaciones, Firefox podría haber entrado en modo de pantalla completa sin notificación o advertencia al usuario. Esto podría conllevar a ataques de suplantación de identidad en la Interfaz de Usuario del navegador, incluido el phishing. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730750 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •