Page 68 of 2526 results (0.025 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Al importar recursos utilizando Web Workers, los mensajes de error distinguirían la diferencia entre respuestas <code>application/javascript</code> y respuestas sin script. Se podría haber abusado de esto para aprender información de origen cruzado. • https://bugzilla.mozilla.org/show_bug.cgi?id=1740985 https://bugzilla.mozilla.org/show_bug.cgi?id=1748503 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22760 https://bugzilla.redhat.com/show_bug.cgi?id=2053238 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Los desarrolladores de Mozilla, Paul Adenot y Mozilla Fuzzing Team, informaron sobre errores de seguridad de la memoria presentes en Firefox 96 y Firefox ESR 91.5. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22764 https://bugzilla.redhat.com/show_bug.cgi?id=2053243 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Si se convenciera a un usuario de arrastrar y soltar una imagen en su escritorio u otra carpeta, el objeto resultante podría haberse convertido en un script ejecutable que habría ejecutado código arbitrario después de que el usuario hiciera clic en él. Esta vulnerabilidad afecta a Firefox &lt; 97, Thunderbird &lt; 91.6 y Firefox ESR &lt; 91.6. The Mozilla Foundation Security Advisory describes this flaw as: If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script, which would have run arbitrary code after the user clicked it. • https://bugzilla.mozilla.org/show_bug.cgi?id=1317873 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22756 https://bugzilla.redhat.com/show_bug.cgi?id=2053237 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 96. Los desarrolladores de Mozilla, Christian Holler y Jason Kratzer, informaron sobre errores de seguridad de la memoria presentes en Firefox 95. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo algunos de ellos podrían haberse aprovechado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1741210%2C1742770 https://www.mozilla.org/security/advisories/mfsa2022-01 • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Después de aceptar un certificado que no es de confianza, manejar una secuencia pkcs7 vacía como parte de los datos del certificado podría haber provocado un bloqueo. Se cree que este accidente no es explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735028 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2022-22747 https://bugzilla.redhat.com/show_bug.cgi?id=2039572 • CWE-295: Improper Certificate Validation CWE-476: NULL Pointer Dereference •