CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5417 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5417
08 Mar 2017 — When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52. Al arrastrar contenido del panel del navegador primario a la barra de direcciones de un sitio web malicioso, es posible cambiar la barra de direcciones para que la localización después de la navegación no ... • http://www.securityfocus.com/bid/96692 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 1CVE-2017-5401 – Mozilla: Memory Corruption when handling ErrorResult (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5401
08 Mar 2017 — A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Un cierre inesperado desencadenable mediante contenido web en el que un "ErrorResult" referencia memoria no asignada debido a un error de lógica. El cierre inesperado resultante podría ser explotado. • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-388: 7PK - Errors •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5420 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5420
08 Mar 2017 — A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52. Una URL "javascript:" cargada por una página maliciosa puede ofuscar su ubicación dejando en blanco la URL mostrada en la barra de direcciones, lo que permite que un atacante suplante una página existente sin que la dirección malicio... • http://www.securityfocus.com/bid/96692 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5416 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5416
08 Mar 2017 — In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52. En determinadas circunstancias, un escuchador de eventos de red puede liberarse prematuramente. Esto parece resultar en la práctica en una desreferencia NULL. • http://www.securityfocus.com/bid/96692 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5426 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5426
08 Mar 2017 — On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. En Linux, si el filtro BPF en modo secure computing (seccomp-bpf) se está ejec... • http://www.securityfocus.com/bid/96694 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5379 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5379
30 Jan 2017 — Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. Vulnerabilidad de uso de memoria previamente liberada en Web Animations al interactuar con la recolección de ciclos encontrada a través de fuzzing. La vulnerabilidad afecta a Firefox en versiones anteriores a la 51. USN-3175-1 fixed vulnerabilities in Firefox. • http://www.securityfocus.com/bid/95763 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5393 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5393
30 Jan 2017 — The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51. "mozAddonManager" permite la instalación de extensiones del CDN para addons.mozilla.org, un sitio accesible de forma pública. Esto podría permitir que extensiones maliciosas instalen extensiones adicion... • http://www.securityfocus.com/bid/95763 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5388 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5388
30 Jan 2017 — A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51. Un servidor STUN, junto con un gran número de objetos "webkitRTCPeerConnection", puede emplearse para enviar paquetes STUN grandes en un corto período de tiempo debido a la falta de limitación de tasa aplicada en los ... • http://www.securityfocus.com/bid/95763 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5391 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5391
30 Jan 2017 — Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51. Las páginas "about:" especiales empleadas por el contenido web, como los feeds RSS, pueden cargar páginas "about:" privilegiadas en un iframe. Si se descubriese un error de inyección de contenidos en una de esas páginas, esto podría permitir un p... • http://www.securityfocus.com/bid/95763 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5374 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5374
30 Jan 2017 — Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51. Se han reportado errores de seguridad de memoria en Firefox 50,1. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/95759 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •