CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5391 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5391
30 Jan 2017 — Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51. Las páginas "about:" especiales empleadas por el contenido web, como los feeds RSS, pueden cargar páginas "about:" privilegiadas en un iframe. Si se descubriese un error de inyección de contenidos en una de esas páginas, esto podría permitir un p... • http://www.securityfocus.com/bid/95763 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5374 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5374
30 Jan 2017 — Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51. Se han reportado errores de seguridad de memoria en Firefox 50,1. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/95759 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5389 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5389
30 Jan 2017 — WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51. WebExtensions podría emplear la API "mozAddonManager" modificando las cabeceras CSP en los sitios con los permisos apropiados y después empleando peticiones host para re... • http://www.securityfocus.com/bid/95763 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5377 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5377
30 Jan 2017 — A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. Puede ocurrir una vulnerabilidad de corrupción de memoria en Skia al emplear transforms para realizar gradientes, lo que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 51. USN-3175-1 fixed vulnerabilities in Firefox. • http://www.securityfocus.com/bid/95761 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5384 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5384
30 Jan 2017 — Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51. Los archivos PAC (Proxy Auto-Config) pueden especificar una fun... • http://www.securityfocus.com/bid/95763 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5385 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5385
30 Jan 2017 — Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51. Los datos enviados en canales multiparte, como el tipo MIME multipart/x-mixed-replace, ignorarán la cabecera de respuesta Referrer-Policy, lo que conduce a una potencial divulgación de información en los sitios que emplean esta cabecera. La vulnerabilidad afecta... • http://www.securityfocus.com/bid/95763 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5387 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5387
30 Jan 2017 — The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5382 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5382
30 Jan 2017 — Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51. La previsualización de feeds para feeds RSS se puede utilizar para capturar errores y excepciones generadas por contenido privilegiado, lo que permite la exposición de información interna no diseñada para ser vista por contenido web. La vulnerabilidad afecta a Firefox en version... • http://www.securityfocus.com/bid/95763 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5381 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5381
30 Jan 2017 — The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51. La función "export" en el visor de certificados puede forzar la navegación por el sistema de archivos local cuando el "common name" en un certificado contiene barras diagonales, lo que permite guardar el contenido de los certificados en u... • http://www.securityfocus.com/bid/95763 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2017-5386 – Mozilla: WebExtensions can use data: protocol to affect other extensions (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5386
25 Jan 2017 — WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. Los scripts de WebExtension pueden emplear el protocolo "data:" para afectar a las páginas cargadas por otras extensiones web que empleen este protocolo, lo que conduce a una potencial divulgación de datos o un escalado de privilegios en las ext... • http://rhn.redhat.com/errata/RHSA-2017-0190.html •