CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2017-5385 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5385
30 Jan 2017 — Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51. Los datos enviados en canales multiparte, como el tipo MIME multipart/x-mixed-replace, ignorarán la cabecera de respuesta Referrer-Policy, lo que conduce a una potencial divulgación de información en los sitios que emplean esta cabecera. La vulnerabilidad afecta... • http://www.securityfocus.com/bid/95763 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5387 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5387
30 Jan 2017 — The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2017-5388 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5388
30 Jan 2017 — A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51. Un servidor STUN, junto con un gran número de objetos "webkitRTCPeerConnection", puede emplearse para enviar paquetes STUN grandes en un corto período de tiempo debido a la falta de limitación de tasa aplicada en los ... • http://www.securityfocus.com/bid/95763 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5389 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5389
30 Jan 2017 — WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51. WebExtensions podría emplear la API "mozAddonManager" modificando las cabeceras CSP en los sitios con los permisos apropiados y después empleando peticiones host para re... • http://www.securityfocus.com/bid/95763 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2017-5391 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5391
30 Jan 2017 — Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51. Las páginas "about:" especiales empleadas por el contenido web, como los feeds RSS, pueden cargar páginas "about:" privilegiadas en un iframe. Si se descubriese un error de inyección de contenidos en una de esas páginas, esto podría permitir un p... • http://www.securityfocus.com/bid/95763 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5393 – Ubuntu Security Notice USN-3175-1
https://notcve.org/view.php?id=CVE-2017-5393
30 Jan 2017 — The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51. "mozAddonManager" permite la instalación de extensiones del CDN para addons.mozilla.org, un sitio accesible de forma pública. Esto podría permitir que extensiones maliciosas instalen extensiones adicion... • http://www.securityfocus.com/bid/95763 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 13EXPL: 0CVE-2017-5373 – Mozilla: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (MFSA 2017-01)
https://notcve.org/view.php?id=CVE-2017-5373
25 Jan 2017 — Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Se han reportado errores de seguridad de memoria en Firefox 50.1 y Firefox ESR 45.6. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerz... • http://rhn.redhat.com/errata/RHSA-2017-0190.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 59%CPEs: 13EXPL: 6CVE-2017-5375 – Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-5375
25 Jan 2017 — JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. La asignación de código JIT puede permitir la omisión de las protecciones ASLR y DEP, lo que conduce a ataques de corrupción de memoria. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. USN-3175... • https://packetstorm.news/files/id/146819 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 21EXPL: 0CVE-2017-5376 – Mozilla: Use-after-free in XSL (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5376
25 Jan 2017 — Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Uso de memoria previamente liberada al manipular XSL en documentos XSLT. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. USN-3175-1 fixed vulnerabilities in Firefox. • http://rhn.redhat.com/errata/RHSA-2017-0190.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 1CVE-2017-5378 – Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5378
25 Jan 2017 — Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Los códigos hasheados de objetos JavaScript se comparten entre páginas. Esto permite fugas de puntero debido a que se puede descubrir la dirección de un objeto por medio de los códigos hash ... • http://rhn.redhat.com/errata/RHSA-2017-0190.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •