Page 89 of 628 results (0.014 seconds)

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando un índice IndexedDB se elimina mientras sigue en uso por parte de código JavaScript que está proporcionando valores de carga útil para que sean almacenados. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/105280 http://www.securitytracker.com/id/1041610 https://access.redhat.com/errata/RHSA-2018:2692 https://access.redhat.com/errata/RHSA-2018:2693 https://access.redhat.com/errata/RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3458 https://bugzilla.mozilla.org/show_bug.cgi?id=1459383 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/20181 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 1

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. • http://www.securityfocus.com/bid/105276 http://www.securitytracker.com/id/1041610 http://www.securitytracker.com/id/1041701 https://access.redhat.com/errata/RHSA-2018:2834 https://access.redhat.com/errata/RHSA-2018:2835 https://access.redhat.com/errata/RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3458 https://bugzilla.mozilla.org/show_bug.cgi?id=1475775 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810- • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-522: Insufficiently Protected Credentials •

CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60 y Firefox ESR 60. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/104556 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1461324%2C1414829%2C1395246%2C1467938%2C1461619%2C1425930%2C1438556%2C1454285%2C1459568%2C1463884 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3705-1 https://www.debian.org/security/2018/dsa-4295 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61. Las WebExtensions incluidas con los experimentos embebidos no se comprobaron correctamente en busca de una autorización adecuada. Esto permitía que una WebExtension maliciosa obtenga los permisos totales del navegador. • http://www.securityfocus.com/bid/104561 http://www.securitytracker.com/id/1041193 https://bugzilla.mozilla.org/show_bug.cgi?id=1454909 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3705-1 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org/security/advisories/mfsa2018-16 • CWE-863: Incorrect Authorization •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Puede ocurrir un desbordamiento de enteros en el código SwizzleData al calcular tamaños de búfer. El valor desbordado se emplea para posteriores cálculos de gráficos cuando sus entradas no se sanean, lo que resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/104558 http://www.securitytracker.com/id/1041193 https://bugzilla.mozilla.org/show_bug.cgi?id=1463244 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3705-1 https://www.debian.org/security/2018/dsa-4295 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org/security/advisories/mfsa2018-16&# • CWE-190: Integer Overflow or Wraparound •