Page 72 of 784 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Cuando se ejecuta, el servicio updater escribió el estado y los archivos de registro en una ubicación sin restricciones; permitiendo potencialmente a un proceso sin privilegios localizar y explotar una vulnerabilidad en el manejo de archivos en el servicio updater. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html https://bugzilla.mozilla.org/show_bug.cgi?id=1510494 https://www.mozilla.org/security/advisories/mfsa2019-36 https://www.mozilla.org/security/advisories/mfsa2019-37 https://www.mozilla.org/security/advisories/mfsa2019-38 •

CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Al encriptar con un cifrado de bloque, si se realizó una llamada a NSC_EncryptUpdate con datos más pequeños que el tamaño del bloque, podría producirse una pequeña escritura fuera de límites. Esto podría haber causado una corrupción de la pila y un bloqueo explotable potencialmente. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html https://access.redhat.com/errata/RHSA-2020:0243 https://access.redhat.com/errata/RHSA-2020:0466 https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf https://lists.debian.org/debian-lts-announce/2020/09/m • CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Si dos documentos del mismo origen configuran a document.domain de manera diferente para convertirse en origen cruzado, es posible llamar arbitrariamente a DOM methods/getters/setters en la ventana ahora de origen cruzado. Esta vulnerabilidad afecta a Firefox versiones anteriores a la versión 70, Thunderbird versiones anteriores a la versión 68.2 y Firefox ESR versiones anteriores a la versión 68.2. A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. • https://bugzilla.mozilla.org/show_bug.cgi?id=1582857 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2019-33 https://www.mozilla.org/security/advisories/mfsa2019-34 https://www.mozilla.org/security/advisories/mfsa2019-35 https://access.redhat.com/security/cve/CVE-2019-11762 https://bugzilla.redhat.com/show_bug.cgi?id=1764443 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron bugs de seguridad de memoria presentes en Firefox versión 69 y Firefox ESR versión 68.1. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con un esfuerzo suficiente algunos de estos podrían ser explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1558522%2C1577061%2C1548044%2C1571223%2C1573048%2C1578933%2C1575217%2C1583684%2C1586845%2C1581950%2C1583463%2C1586599 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2019-33 https://www.mozilla.org/security/advisories/mfsa2019-34 https://www.mozilla.org/security/advisories/mfsa2019-35 https://access.redhat.com/security/cve/CVE-2019-11764 https://bugzilla.redhat.com/show_bug.cgi?id=17 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Un atacante podría haber causado que 4 bytes de salida HMAC se escribieran más allá del final de un búfer almacenado en la pila. Esto podría ser usado por un atacante para ejecutar código arbitrario o, más probablemente, conllevar a un bloqueo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1577953 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2019-33 https://www.mozilla.org/security/advisories/mfsa2019-34 https://www.mozilla.org/security/advisories/mfsa2019-35 https://access.redhat.com/security/cve/CVE-2019-11759 https://bugzilla.redhat.com/show_bug.cgi?id=1764440 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •