CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2017-5421 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5421
08 Mar 2017 — A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52. Un sitio malicioso podría suplantar el contenido de la ventana de previsualización de impresión si las ventanas emergentes están habilitadas, lo que resulta en una confusión del usuario de qué sitio está cargado actualmente. La vulnerabilidad afecta a Firefox en versiones anteriores a la... • http://www.securityfocus.com/bid/96692 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 1CVE-2017-5422 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5422
08 Mar 2017 — If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52. Si un sitio malicioso emplea el protocolo "view-source:" en una serie en un único hipervínculo, puede desencadenar un cierre inesperado no explotable del navegador cuando se selecciona el hipervínculo. Esto se solucionó... • http://www.securityfocus.com/bid/96692 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5426 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5426
08 Mar 2017 — On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. En Linux, si el filtro BPF en modo secure computing (seccomp-bpf) se está ejec... • http://www.securityfocus.com/bid/96694 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5427 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5427
08 Mar 2017 — A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52. Un archivo chrome.manifest inexistente intentará cargarse durante el arranque desde... • http://www.securityfocus.com/bid/96692 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2017-5374 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5374
30 Jan 2017 — Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51. Se han reportado errores de seguridad de memoria en Firefox 50,1. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/95759 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2017-5377 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5377
30 Jan 2017 — A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. Puede ocurrir una vulnerabilidad de corrupción de memoria en Skia al emplear transforms para realizar gradientes, lo que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 51. USN-3175-1 fixed vulnerabilities in Firefox. • http://www.securityfocus.com/bid/95761 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2017-5379 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5379
30 Jan 2017 — Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. Vulnerabilidad de uso de memoria previamente liberada en Web Animations al interactuar con la recolección de ciclos encontrada a través de fuzzing. La vulnerabilidad afecta a Firefox en versiones anteriores a la 51. USN-3175-1 fixed vulnerabilities in Firefox. • http://www.securityfocus.com/bid/95763 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5381 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5381
30 Jan 2017 — The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51. La función "export" en el visor de certificados puede forzar la navegación por el sistema de archivos local cuando el "common name" en un certificado contiene barras diagonales, lo que permite guardar el contenido de los certificados en u... • http://www.securityfocus.com/bid/95763 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5382 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5382
30 Jan 2017 — Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51. La previsualización de feeds para feeds RSS se puede utilizar para capturar errores y excepciones generadas por contenido privilegiado, lo que permite la exposición de información interna no diseñada para ser vista por contenido web. La vulnerabilidad afecta a Firefox en version... • http://www.securityfocus.com/bid/95763 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 2%CPEs: 1EXPL: 1CVE-2017-5384 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5384
30 Jan 2017 — Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51. Los archivos PAC (Proxy Auto-Config) pueden especificar una fun... • http://www.securityfocus.com/bid/95763 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •