Page 63 of 693 results (0.018 seconds)

CVSS: 7.5EPSS: 16%CPEs: 3EXPL: 0

Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. Vulnerabilidad de uso después de liberar en Mozilla Firefox v10.x anteriores a v10.0.1, Thunderbird v10.x anteriores a v10.0.1, y SeaMonkey v2.7 permite a usuarios remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su eleccion a través de vectores que disparan fallos en la llamada a la función nsXBLDocumentInfo::ReadPrototypeBindings, relativo al acceso periódico al colector de tabla hash que contienen un enlace viejo. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00013.html http://secunia.com/advisories/48110 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:017 http://www.mandriva.com/security/advisories?name=MDVSA-2012:018 http://www.mozilla.org/security/announce/2012/mfsa2012-10.html http://www.securityfocus.com/bid/51975 http://www.ubuntu.com/usn/USN-1360-1 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 1%CPEs: 126EXPL: 0

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. Mozilla Firefox 4.x hasta la versión 9.0, Thunderbird 5.0 hasta la 9.0 y SeaMonkey anteriores a la 2.7 permiten a atacantes remotos evitar la política de "frame-navigation" HTML5 y reemplazar sub-frames arbitrarios creando un objetivo de envío de formulario ("form submission target") con un atributo de nombre de sub-frame. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://osvdb.org/78735 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-03.html http://www.securityfocus.com/bid/51765 https://bugzilla.mozilla.org/show_bug.cgi?id=701071 https://exchange.xforce.ibmcloud.com/vulnerabilities/72835 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 126EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. Múltiples vuelnerabilidades de ejccución de secuencias de comandos en sitios cruzados en Mozilla Firefox v4.x hasta v9.0, Thunderbird v5.0 hasta v9.0, y SeaMonkey antes de v2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un (1) pagina web o (2) extensión de Firefox, relacionados con la aplicación incorrecta de las restricciones de seguridad XPConnect de secuencias de comandos de tramas que llaman a objetos que no son de confianza. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-05.html http://www.securityfocus.com/bid/51752 https://bugzilla.mozilla.org/show_bug.cgi?id=705651 https://exchange.xforce.ibmcloud.com/vulnerabilities/72837 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 123EXPL: 0

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. Mozilla Firefox 4.x hasta la versión 9.0 y SeaMonkey anteriores a la 2.7 en Linux y Mac OS X establecen permisos débiles para Firefox Recovery Key.html, lo que puede permitir a usuarios locales leer una clave Firefox Sync a través de un operación del sistema de archivos estándar. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://osvdb.org/78741 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-09.html https://bugzilla.mozilla.org/show_bug.cgi?id=716868 https://exchange.xforce.ibmcloud.com/vulnerabilities/72869 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14670 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 126EXPL: 0

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. Mozilla Firefox 4.x hasta la versión 9.0, Thunderbird 5.0 hasta la 9.0 y SeaMonkey anteriores a la 2.7 no inicializan apropiadamente datos de imágenes image/vnd.microsoft.icon, lo que permite a atacantes remotos obtener información potencialmente sensible leyendo una imagen PNG creada a través de una imagen ICO. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-06.html https://bugzilla.mozilla.org/show_bug.cgi?id=710079 https://exchange.xforce.ibmcloud.com/vulnerabilities/72856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14912 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •