Page 52 of 304 results (0.019 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Mediante navegaciones complicadas con nuevas ventanas, una página HTTP podría haber heredado un icono de bloqueo seguro de una página HTTPS. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.10, Thunderbird versiones anteriores a 78.10 y Firefox versiones anteriores a 88 • https://bugzilla.mozilla.org/show_bug.cgi?id=1667456 https://www.mozilla.org/security/advisories/mfsa2021-14 https://www.mozilla.org/security/advisories/mfsa2021-15 https://www.mozilla.org/security/advisories/mfsa2021-16 https://access.redhat.com/security/cve/CVE-2021-23998 https://bugzilla.redhat.com/show_bug.cgi?id=1951366 • CWE-281: Improper Preservation of Permissions CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Si una URL Blob se cargó mediante alguna interacción inusual del usuario, podría haber sido cargada por el Principal del Sistema y conceder privilegios adicionales que no deberían concederse al contenido web. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.10, Thunderbird versiones anteriores a 78.10 y Firefox versiones anteriores a 88 • https://bugzilla.mozilla.org/show_bug.cgi?id=1691153 https://www.mozilla.org/security/advisories/mfsa2021-14 https://www.mozilla.org/security/advisories/mfsa2021-15 https://www.mozilla.org/security/advisories/mfsa2021-16 https://access.redhat.com/security/cve/CVE-2021-23999 https://bugzilla.redhat.com/show_bug.cgi?id=1951368 • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions CWE-697: Incorrect Comparison •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. El JIT de WebAssembly podía calcular mal el tamaño de un tipo de retorno, lo que podía conllevar a una lectura nula y resultar en un bloqueo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1700690 https://www.mozilla.org/security/advisories/mfsa2021-14 https://www.mozilla.org/security/advisories/mfsa2021-15 https://www.mozilla.org/security/advisories/mfsa2021-16 https://access.redhat.com/security/cve/CVE-2021-29945 https://bugzilla.redhat.com/show_bug.cgi?id=1951370 • CWE-476: NULL Pointer Dereference CWE-682: Incorrect Calculation •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Una extensión maliciosa podría haber abierto una ventana emergente sin una barra de direcciones. • https://bugzilla.mozilla.org/show_bug.cgi?id=1693664 https://www.mozilla.org/security/advisories/mfsa2021-10 https://www.mozilla.org/security/advisories/mfsa2021-11 https://www.mozilla.org/security/advisories/mfsa2021-12 https://access.redhat.com/security/cve/CVE-2021-23984 https://bugzilla.redhat.com/show_bug.cgi?id=1942786 • CWE-290: Authentication Bypass by Spoofing CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Una carga de textura de un Objeto de Búfer de Píxeles podría haber confundido el código WebGL para omitir el enlace del búfer usado para descomprimirlo, resultando en la corrupción de la memoria y una filtración o bloqueo de información potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR versión 78.9, Firefox versiones anteriores a 87, and Thunderbird versiones anteriores a 78.9. The Mozilla Foundation Security Advisory describes this issue as: A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1692832 https://www.mozilla.org/security/advisories/mfsa2021-10 https://www.mozilla.org/security/advisories/mfsa2021-11 https://www.mozilla.org/security/advisories/mfsa2021-12 https://access.redhat.com/security/cve/CVE-2021-23981 https://bugzilla.redhat.com/show_bug.cgi?id=1942783 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •