Page 47 of 634 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-34477

https://notcve.org/view.php?id=CVE-2022-34477

The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102. La propiedad del mensaje MediaError debe ser coherente para evitar la filtración de información sobre recursos de origen cruzado; sin embargo, para un recurso de origen cruzado del mismo sitio, el mensaje podría haber filtrado información que permitiera ataques XS-Leaks. Esta vulnerabilidad afecta a Firefox &lt; 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1731614 https://www.mozilla.org/security/advisories/mfsa2022-24 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-31746

https://notcve.org/view.php?id=CVE-2022-31746

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102. Las URL internas están protegidas por una clave UUID secreta, que podría haberse filtrado a la página web a través del encabezado Referrer. Esta vulnerabilidad afecta a Firefox para iOS &lt; 102. • https://bugzilla.mozilla.org/show_bug.cgi?id=1654416 https://www.mozilla.org/security/advisories/mfsa2022-27 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2022-22750

https://notcve.org/view.php?id=CVE-2022-22750

By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.<br>*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. Al aceptar y pasar identificadores de recursos en general entre procesos, un proceso de contenido comprometido podría haber confundido procesos con mayores privilegios para interactuar con identificadores a los que el proceso sin privilegios no debería tener acceso. • https://bugzilla.mozilla.org/show_bug.cgi?id=1566608 https://www.mozilla.org/security/advisories/mfsa2022-01 •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-46879

https://notcve.org/view.php?id=CVE-2022-46879

Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736224%2C1793407%2C1794249%2C1795845%2C1797682%2C1797720%2C1798494%2C1799479 https://security.gentoo.org/glsa/202305-06 https://www.mozilla.org/security/advisories/mfsa2022-51 • CWE-787: Out-of-bounds Write •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-46877 – Mozilla: Fullscreen notification bypass

https://notcve.org/view.php?id=CVE-2022-46877

By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795139 https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.debian.org/security/2023/dsa-5322 https://www.debian.org/security/2023/dsa-5355 https://www.mozilla.org/security/advisories/mfsa2022-51 https://access.redhat.com/security/cve/CVE-2022-46877 • CWE-357: Insufficient UI Warning of Dangerous Operations •