厂商或团体 mozilla 的搜索结果 (1708)

CVE-2016-2803(发布:2017-04-12 18:59:00)NMP
CVSS4.3

[原文]Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.

CVE-2016-5283(发布:2016-09-22 18:59:18)NMP
CVSS6.8

[原文]Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.

CVE-2016-5284(发布:2016-09-22 18:59:18)NMP
CVSS4.3

[原文]Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

CVE-2016-5282(发布:2016-09-22 18:59:16)NMP
CVSS4.3

[原文]Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.

CVE-2016-5281(发布:2016-09-22 18:59:15)NMP
CVSS7.5

[原文]Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.

CVE-2016-5280(发布:2016-09-22 18:59:14)NMP
CVSS7.5

[原文]Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via bidirectional text.

12345678下一页尾页 第1页 / 共285页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站