
CVSS: 6.5 | EPSS: 3% | CPEs: 4 | EXPL: 0

Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.
• References:
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://www.mozilla.org/security/announce/2016/mfsa2016-02.html
http://www.securityfocus.com/bid/81956
http://www.securitytracker.com/id/1034825
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2880-2
https://bugzilla.mozilla.org/show_bug.cgi?id=1231761
https://security.gentoo.org/glsa/201605-06
• CWE-189: Numeric Errors

CVSS: 7.4 | EPSS: 0% | CPEs: 4 | EXPL: 0

Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.
• References:
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://www.mozilla.org/security/announce/2016/mfsa2016-09.html
http://www.securityfocus.com/bid/81948
http://www.securitytracker.com/id/1034825
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2880-2
https://bugzilla.mozilla.org/show_bug.cgi?id=1189082
https://security.gentoo.org/glsa/201605-06
• CWE-20: Improper Input Validation

CVSS: 10.0 | EPSS: 4% | CPEs: 4 | EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.
• References:
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://www.mozilla.org/security/announce/2016/mfsa2016-01.html
http://www.securityfocus.com/bid/81953
http://www.securitytracker.com/id/1034825
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2880-2
https://bugzilla.mozilla.org/show_bug.cgi?id=1180064
https://bugzilla.mozilla.org/show_bug.cgi?id=1186973
http
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.
• References:
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://www.mozilla.org/security/announce/2016/mfsa2016-04.html
http://www.securitytracker.com/id/1034825
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2880-2
https://bugzilla.mozilla.org/show_bug.cgi?id=1233784
https://security.gentoo.org/glsa/201605-06
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 | EPSS: 4% | CPEs: 4 | EXPL: 0

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.
• References:
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://www.mozilla.org/security/announce/2016/mfsa2016-10.html
http://www.securityfocus.com/bid/81950
http://www.securitytracker.com/id/1034825
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2880-2
https://bugzilla.mozilla.org/show_bug.cgi?id=1232069
https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19
htt
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-189: Numeric Errors