Page 61 of 1004 results (0.015 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Cuando flex-basis fue usada en un contenedor de tabla, un objeto StyleGenericFlexBasis podría haberse convertido incorrectamente en el tipo equivocado.&#xa0;Esto resultó en uso de la memoria previamente liberada de la pila, una corrupción de la memoria y un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1681022 https://www.mozilla.org/security/advisories/mfsa2020-54 https://www.mozilla.org/security/advisories/mfsa2020-55 https://www.mozilla.org/security/advisories/mfsa2020-56 https://access.redhat.com/security/cve/CVE-2020-26974 https://bugzilla.redhat.com/show_bug.cgi?id=1908024 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Usando técnicas que se basaron en la investigación de slipstream, una página web maliciosa podría haber expuesto tanto los hosts de una red interna como los servicios que se ejecutan en la máquina local del usuario.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 84, Thunderbird versiones anteriores a 78,6 y Firefox ESR versiones anteriores a 78,6 The Mozilla Foundation Security Advisory describes this flaw as: Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. • https://bugzilla.mozilla.org/show_bug.cgi?id=1677047 https://www.mozilla.org/security/advisories/mfsa2020-54 https://www.mozilla.org/security/advisories/mfsa2020-55 https://www.mozilla.org/security/advisories/mfsa2020-56 https://access.redhat.com/security/cve/CVE-2020-26978 https://bugzilla.redhat.com/show_bug.cgi?id=1908025 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Cuando una extensión con el permiso de proxy se registró para recibir (all_urls), la devolución de llamada proxy.onRequest no se desencadenó para las URL de vista de origen.&#xa0;Si bien el contenido web no puede navegar a dichas URL, un usuario que abra View Source podría haber filtrado inadvertidamente su dirección IP. • https://bugzilla.mozilla.org/show_bug.cgi?id=1657916 https://www.mozilla.org/security/advisories/mfsa2020-54 https://www.mozilla.org/security/advisories/mfsa2020-55 https://www.mozilla.org/security/advisories/mfsa2020-56 https://access.redhat.com/security/cve/CVE-2020-35111 https://bugzilla.redhat.com/show_bug.cgi?id=1908027 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Los desarrolladores de Mozilla reportaron bugs de seguridad de la memoria presentes en Firefox versión 83 y Firefox versión ESR 78.5.&#xa0;Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con un suficiente esfuerzo algunos de ellos podrían haberse explotado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664831%2C1673589 https://www.mozilla.org/security/advisories/mfsa2020-54 https://www.mozilla.org/security/advisories/mfsa2020-55 https://www.mozilla.org/security/advisories/mfsa2020-56 https://access.redhat.com/security/cve/CVE-2020-35113 https://bugzilla.redhat.com/show_bug.cgi?id=1908029 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Una búsqueda de una sola palabra en la barra de direcciones causó que se enviara una petición mDNS en la red local buscando un nombre de host que constara de esa cadena;&#xa0;resultando en una filtración de información. • https://bugzilla.mozilla.org/show_bug.cgi?id=1663571 https://www.mozilla.org/security/advisories/mfsa2020-50 https://www.mozilla.org/security/advisories/mfsa2020-51 https://www.mozilla.org/security/advisories/mfsa2020-52 •