CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5426 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5426
08 Mar 2017 — On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. En Linux, si el filtro BPF en modo secure computing (seccomp-bpf) se está ejec... • http://www.securityfocus.com/bid/96694 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5379 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5379
30 Jan 2017 — Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. Vulnerabilidad de uso de memoria previamente liberada en Web Animations al interactuar con la recolección de ciclos encontrada a través de fuzzing. La vulnerabilidad afecta a Firefox en versiones anteriores a la 51. USN-3175-1 fixed vulnerabilities in Firefox. • http://www.securityfocus.com/bid/95763 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5393 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5393
30 Jan 2017 — The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51. "mozAddonManager" permite la instalación de extensiones del CDN para addons.mozilla.org, un sitio accesible de forma pública. Esto podría permitir que extensiones maliciosas instalen extensiones adicion... • http://www.securityfocus.com/bid/95763 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5388 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5388
30 Jan 2017 — A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51. Un servidor STUN, junto con un gran número de objetos "webkitRTCPeerConnection", puede emplearse para enviar paquetes STUN grandes en un corto período de tiempo debido a la falta de limitación de tasa aplicada en los ... • http://www.securityfocus.com/bid/95763 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5391 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5391
30 Jan 2017 — Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51. Las páginas "about:" especiales empleadas por el contenido web, como los feeds RSS, pueden cargar páginas "about:" privilegiadas en un iframe. Si se descubriese un error de inyección de contenidos en una de esas páginas, esto podría permitir un p... • http://www.securityfocus.com/bid/95763 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5374 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5374
30 Jan 2017 — Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51. Se han reportado errores de seguridad de memoria en Firefox 50,1. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/95759 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5389 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5389
30 Jan 2017 — WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51. WebExtensions podría emplear la API "mozAddonManager" modificando las cabeceras CSP en los sitios con los permisos apropiados y después empleando peticiones host para re... • http://www.securityfocus.com/bid/95763 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5377 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5377
30 Jan 2017 — A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. Puede ocurrir una vulnerabilidad de corrupción de memoria en Skia al emplear transforms para realizar gradientes, lo que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 51. USN-3175-1 fixed vulnerabilities in Firefox. • http://www.securityfocus.com/bid/95761 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5384 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5384
30 Jan 2017 — Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51. Los archivos PAC (Proxy Auto-Config) pueden especificar una fun... • http://www.securityfocus.com/bid/95763 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5385 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5385
30 Jan 2017 — Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51. Los datos enviados en canales multiparte, como el tipo MIME multipart/x-mixed-replace, ignorarán la cabecera de respuesta Referrer-Policy, lo que conduce a una potencial divulgación de información en los sitios que emplean esta cabecera. La vulnerabilidad afecta... • http://www.securityfocus.com/bid/95763 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •