Page 47 of 2167 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-34475

https://notcve.org/view.php?id=CVE-2022-34475

SVG <code>&lt;use&gt;</code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox < 102. Las etiquetas SVG <code></code> que hacían referencia a un documento del mismo origen podrían haber dado lugar a la ejecución de un script si la entrada del atacante se hubiera sanitizado a través de la API HTML Sanitizer. Esto habría requerido que el atacante hiciera referencia a un archivo JavaScript del mismo origen que contenía el script a ejecutar. • https://bugzilla.mozilla.org/show_bug.cgi?id=1757210 https://www.mozilla.org/security/advisories/mfsa2022-24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-34477

https://notcve.org/view.php?id=CVE-2022-34477

The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102. La propiedad del mensaje MediaError debe ser coherente para evitar la filtración de información sobre recursos de origen cruzado; sin embargo, para un recurso de origen cruzado del mismo sitio, el mensaje podría haber filtrado información que permitiera ataques XS-Leaks. Esta vulnerabilidad afecta a Firefox &lt; 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1731614 https://www.mozilla.org/security/advisories/mfsa2022-24 •

CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-22746

https://notcve.org/view.php?id=CVE-2022-22746

A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Una condición de ejecución podría haber permitido omitir la notificación de pantalla completa, lo que podría haber llevado a que una ventana falsa de pantalla completa pasara desapercibida. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735071 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-46875

https://notcve.org/view.php?id=CVE-2022-46875

The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. • https://bugzilla.mozilla.org/show_bug.cgi?id=1786188 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-51 https://www.mozilla.org/security/advisories/mfsa2022-52 https://www.mozilla.org/security/advisories/mfsa2022-53 •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-46871 – Mozilla: libusrsctp library out of date

https://notcve.org/view.php?id=CVE-2022-46871

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795697 https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.debian.org/security/2023/dsa-5322 https://www.debian.org/security/2023/dsa-5355 https://www.mozilla.org/security/advisories/mfsa2022-51 https://access.redhat.com/security/cve/CVE-2022-46871 • CWE-1104: Use of Unmaintained Third Party Components •