Page 67 of 1313 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-15654 – Mozilla: Custom cursor can overlay user interface

https://notcve.org/view.php?id=CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Cuando en un bucle infinito, un sitio web que especifica un cursor personalizado usando CSS podría hacer que parezca que el usuario está interactuando con la interfaz de usuario, cuando no es así. Esto podría conllevar a un estado roto percibido, especialmente cuando las interacciones con los diálogos y advertencias del navegador existentes no funcionan. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html https://bugzilla.mozilla.org/show_bug.cgi?id=1648333 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozilla.org/security/advisories/mfsa2020-33 https://access.redhat.com/security/cve/CVE-2020-15654 https://bugzilla.redhat.com/show_bug.cgi?id=1861649 • CWE-451: User Interface (UI) Misrepresentation of Critical Information CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-15656 – Mozilla: Type confusion for special arguments in IonMonkey

https://notcve.org/view.php?id=CVE-2020-15656

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Las optimizaciones JIT que involucran el objeto de argumentos de Javascript podrían confundir optimizaciones posteriores. Este riesgo ya fue mitigado por varias precauciones en el código, resultando en este error calificado con una severidad moderada. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html https://bugzilla.mozilla.org/show_bug.cgi?id=1647293 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozilla.org/security/advisories/mfsa2020-33 https://access.redhat.com/security/cve/CVE-2020-15656 https://bugzilla.redhat.com/show_bug.cgi?id=1861646 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-15652 – Mozilla: Potential leak of redirect targets when loading scripts in a worker

https://notcve.org/view.php?id=CVE-2020-15652

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Al observar el seguimiento de la pila de errores de JavaScript en los trabajadores web, fue posible filtrar el resultado de un redireccionamiento de origen cruzado. Esto se aplica solo al contenido que puede ser analizado como script. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html https://bugzilla.mozilla.org/show_bug.cgi?id=1634872 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-31 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozill • CWE-209: Generation of Error Message Containing Sensitive Information CWE-346: Origin Validation Error •

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2020-15659 – Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11

https://notcve.org/view.php?id=CVE-2020-15659

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 78 y Firefox ESR versión 78.0. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con un suficiente esfuerzo algunos de ellos podrían haberse explotado para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1550133%2C1633880%2C1643613%2C1644839%2C1645835%2C1646006%2C1646787%2C1649347%2C1650811%2C1651678 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-31 https • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 1

CVE-2020-12417 – Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64

https://notcve.org/view.php?id=CVE-2020-12417

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Debido a una confusión acerca de ValueTags en objetos JavaScript, un objeto puede pasar a través de la barrera de tipo, resultando en una corrupción de la memoria y un bloqueo potencialmente explotable. *Nota: este problema solo afecta a Firefox en las plataformas ARM64. * Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.10, Firefox versiones anteriores a 78 y Thunderbird versiones anteriores a 68.10.0 The Mozilla Foundation Security Advisory describes this flaw as: Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1640737 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://usn.ubuntu.com/4421-1 https://www.mozilla. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-617: Reachable Assertion CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •