CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2018-5122 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5122
25 Jan 2018 — A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58. Se ha identificado un potencial desbordamiento de enteros en la función "DoCrypt" de WebCrypto. Si se encuentra un medio para explotarlo, podría resultar en una escritura fuera de límites. • http://www.securityfocus.com/bid/102786 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2018-5101 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5101
25 Jan 2018 — A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipulan elementos de estilo "first-letter" flotantes, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 58 de Firefox. Multiple security issues were discovered in Firefox.... • http://www.securityfocus.com/bid/102786 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5118 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5118
25 Jan 2018 — The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58. Las imágenes de captura de pantalla que se muestran en la página Activity S... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5119 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5119
25 Jan 2018 — The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58. La vista del lector mostrará el contenido de orígenes cruzados cuando las cabeceras CORS estén configurados para prohibir la carga de contenido de orígenes cruzados por un sitio. Esto podría permitir el acceso a contenidos que deberían ser restringidos en la ... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 23%CPEs: 51EXPL: 0CVE-2017-3144 – Failure to properly clean up closed OMAPI connections can exhaust available sockets
https://notcve.org/view.php?id=CVE-2017-3144
25 Jan 2018 — A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descrip... • http://www.securityfocus.com/bid/102726 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2018-5090 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5090
25 Jan 2018 — Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58. Se han informado de errores de seguridad de memoria en Firefox 57. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/102786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5105 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5105
25 Jan 2018 — WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58. WebExtensions puede omitir los mensajes de diálogo del usuario para primero guardar y luego abrir un archivo descargado arbitrariamente. Esto puede resultar en la ejecución de un archivo ejecutable con privilegios de usuario locales sin el consentimiento explícito del ... • http://www.securityfocus.com/bid/102786 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5106 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5106
25 Jan 2018 — Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58. El tráfico del editor de estilos en las herramientas del desarrollador se puede enrutar mediante un trabajador de servicio alojado en un sitio web externo si un usuario selecciona enlaces de error cuando estas... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 1%CPEs: 4EXPL: 0CVE-2018-5107 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5107
25 Jan 2018 — The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58. El proceso de impresión puede omitir protecciones de acceso local para leer archivos disponibles mediante symlinks, omitiendo las restricciones de archivos locales. El proceso d... • http://www.securityfocus.com/bid/102786 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5111 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5111
25 Jan 2018 — When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58. Cuando el texto de una URL especialmente formateada se arrastra a la barra de dirección desde el contenido de la página, la URL mostrada se puede suplantar para mostrar un sitio diferente que el que se ha ... • http://www.securityfocus.com/bid/102786 • CWE-20: Improper Input Validation •