Page 93 of 1396 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Realizar una recolección de basura en variables de JavaScript declaradas nuevamente resultó en un usuario después del envenenamiento y un bloqueo potencialmente explotable.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 85, Thunderbird versiones anteriores a 78,7 y Firefox ESR versiones anteriores a 78,7 The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1675755 https://www.mozilla.org/security/advisories/mfsa2021-03 https://www.mozilla.org/security/advisories/mfsa2021-04 https://www.mozilla.org/security/advisories/mfsa2021-05 https://access.redhat.com/security/cve/CVE-2021-23960 https://bugzilla.redhat.com/show_bug.cgi?id=1920650 • CWE-626: Null Byte Interaction Error (Poison Null Byte) •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Usando los nuevos operadores de asignación lógica en una declaración de cambio de JavaScript podría haber causado una confusión de tipos, conllevando a una corrupción de la memoria y un bloqueo potencialmente explotable.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 85, Thunderbird versiones anteriores a 78,7 y Firefox ESR versiones anteriores a 78,7 The Mozilla Foundation Security Advisory describes this flaw as: Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1684020 https://www.mozilla.org/security/advisories/mfsa2021-03 https://www.mozilla.org/security/advisories/mfsa2021-04 https://www.mozilla.org/security/advisories/mfsa2021-05 https://access.redhat.com/security/cve/CVE-2021-23954 https://bugzilla.redhat.com/show_bug.cgi?id=1920648 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84. • https://bugzilla.mozilla.org/show_bug.cgi?id=1661071 https://www.mozilla.org/security/advisories/mfsa2020-54 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84. Al intentar conectar un sitio web usando un puerto que no responde, un atacante podría haber controlado el contenido de una pestaña mientras la barra de URL mostraba el dominio original. • https://bugzilla.mozilla.org/show_bug.cgi?id=1676311 https://www.mozilla.org/security/advisories/mfsa2020-54 •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox < 84. Cuando un usuario escribió una URL en la barra de direcciones o en la barra de búsqueda y presionó rápidamente la tecla Intro, un sitio web a veces podía capturar ese evento y luego redireccionar al usuario antes de que la navegación ocurriera hacia la dirección ingresada deseada.&#xa0;Para construir una copia convincente, el atacante habría tenido que adivinar lo que estaba escribiendo el usuario, quizás sugiriéndolo. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1641287%2C1673299 https://www.mozilla.org/security/advisories/mfsa2020-54 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •