CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 1CVE-2016-9900 – Mozilla: Restricted external resources can be loaded by SVG images through data URLs (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9900
14 Dec 2016 — External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Los recursos externos que deberían estar bloqueados al ser cargados por imágenes SVG pueden omitir restricciones de seguridad mediante el uso de URL "data:". Esto podría permitir el filtrado de datos Cross-Domain. • http://rhn.redhat.com/errata/RHSA-2016-2946.html • CWE-254: 7PK - Security Features •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9896 – Ubuntu Security Notice USN-3155-1
https://notcve.org/view.php?id=CVE-2016-9896
14 Dec 2016 — Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. Uso de memoria previamente liberada al manipular el objeto "navigator" en WebVR. Nota: Actualmente, WebVR no está habilitado por defecto. • http://www.securityfocus.com/bid/94883 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9894 – Ubuntu Security Notice USN-3155-1
https://notcve.org/view.php?id=CVE-2016-9894
14 Dec 2016 — A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1. Se ha provocado un desbordamiento de búfer en SkiaGl cuando se trunca un GrGLBuffer durante la asignación. Las escrituras posteriores desbordarán el búfer, lo que resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/94883 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-9078 – Ubuntu Security Notice USN-3140-1
https://notcve.org/view.php?id=CVE-2016-9078
01 Dec 2016 — Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1. • http://www.securityfocus.com/bid/94569 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 95%CPEs: 26EXPL: 8CVE-2016-9079 – Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2016-9079
01 Dec 2016 — A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en SVG Animation. Se ha descubierto un exploit construido sobre esta vulnerabilidad "in the wild" que apunta a usuarios de Firefox y Tor Browser en Win... • https://packetstorm.news/files/id/140696 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9075 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9075
19 Nov 2016 — An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50. Problema por el cual WebExtensions puede emplear la API mozAddonManager para elevar privilegios debido a que las páginas privilegiadas se permiten en la lista de permisos. Esto permite que una extensión maliciosa instale... • http://www.securityfocus.com/bid/94337 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9076 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9076
19 Nov 2016 — An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50. Un problema por el cual un menú desplegable "" puede emplearse para cubrir el contenido de la barra de direcciones, lo que resulta en potenciales ataques de suplantación. Este ataque requiere que los e10s estén habilitados para tener éxito. • http://www.securityfocus.com/bid/94337 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9068 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9068
19 Nov 2016 — A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. Un uso de memoria previamente liberada durante las animaciones web al trabajar con timelines resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, E... • http://www.securityfocus.com/bid/94337 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9069 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9069
19 Nov 2016 — A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Un error de uso de memoria previamente liberada en nsINode::ReplaceOrInsertBefore durante operaciones DOM resultan en cierres inesperados potencialmente explotables. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus St... • http://www.securityfocus.com/bid/94337 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5289 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-5289
19 Nov 2016 — Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. Se han reportado errores de seguridad de memoria en Firefox 49. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/94337 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •