Page 88 of 1430 results (0.019 seconds)

CVSS: 9.3EPSS: 1%CPEs: 15EXPL: 0

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Mozilla Network Security Services (NSS) en versiones anteriores a3.23, tal como se utiliza en Mozilla Firefox en versiones anteriores a 47.0, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.debian.org/security/2016/dsa-3688 http://www.mozilla.org/security/announce/2016/mfsa2016-61.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/secur •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission. Mozilla Firefox en versiones anteriores a 47.0 permite a atacantes remotos suplantar notificaciones de permisos a través de un sitio web manipulado que rápidamente desencadena peticiones de permisos, según lo demostrado mediante el permiso de micrófono o el permiso de geolocalización. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.mozilla.org/security/announce/2016/mfsa2016-57.html http://www.securitytracker.com/id/1036057 http://www.ubuntu.com/usn/USN-2993-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1248329 • CWE-284: Improper Access Control •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. Mozilla Firefox en versiones anteriores a 47.0 permite a atacantes remotos descubrir la lista de plugins deshabilitadas a través de un ataque de huellas dactilares involucrando pseudo clases Cascading Style Sheets (CSS). • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.mozilla.org/security/announce/2016/mfsa2016-59.html http://www.securitytracker.com/id/1036057 http://www.ubuntu.com/usn/USN-2993-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1025267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet. Mozilla Firefox en versiones anteriores a 47.0 ignora directivas Content Security Policy (CSP) para subprogramas de dominios cruzados Java, lo que facilita a atacantes remotos llevar a cabo ataques XSS a través de un subprograma manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.mozilla.org/security/announce/2016/mfsa2016-60.html http://www.securitytracker.com/id/1036057 http://www.ubuntu.com/usn/USN-2993-1 https://bugzilla.mozilla.org/show_bug.cgi?id=908933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-254: 7PK - Security Features •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. Mozilla Firefox en versiones anteriores a 47.0 permite a atacantes remotos eludir la Same Origin Policy y modificar la propiedad location.host a través de un dato no válido: URL. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.mozilla.org/security/announce/2016/mfsa2016-54.html http://www.securitytracker.com/id/1036057 http://www.ubuntu.com/usn/USN-2993-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1193093 • CWE-284: Improper Access Control •