CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9068 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9068
19 Nov 2016 — A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. Un uso de memoria previamente liberada durante las animaciones web al trabajar con timelines resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, E... • http://www.securityfocus.com/bid/94337 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9069 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9069
19 Nov 2016 — A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Un error de uso de memoria previamente liberada en nsINode::ReplaceOrInsertBefore durante operaciones DOM resultan en cierres inesperados potencialmente explotables. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus St... • http://www.securityfocus.com/bid/94337 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5289 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-5289
19 Nov 2016 — Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. Se han reportado errores de seguridad de memoria en Firefox 49. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/94337 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9073 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9073
19 Nov 2016 — WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. WebExtensions puede omitir las comprobaciones de seguridad para cargar URL privilegiadas y escapar del sandbox de WebExtension. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwon... • http://www.securityfocus.com/bid/94337 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9071 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9071
19 Nov 2016 — Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50. Content Security Policy, junto con la redirección HTTP a HTTPS, puede ser empleado por un servidor malicioso para verificar si un sitio conocido existe en el historial de navegación de un usuario. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Min... • http://www.securityfocus.com/bid/94337 • CWE-254: 7PK - Security Features •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9070 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9070
19 Nov 2016 — A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50. Una página maliciosamente manipulada cargada en la barra lateral a través de un marcador puede referenciar una ventana de chrome privilegiada y comenzar operaciones limitadas de JavaScript que violan las protecciones Cross-Origin. La vulnerabilidad afecta a Firefox en versiones ant... • http://www.securityfocus.com/bid/94337 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9077 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9077
19 Nov 2016 — Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. Canvas permite el uso del filtro "feDisplacementMap" en Cross-Origin cargado en imágenes. El renderizado realizado por el filtro es variable dependiendo del píxel de entrada, lo que permite ataques de sincronización cuando las imág... • http://www.securityfocus.com/bid/94337 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2016-9063 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2016-9063
19 Nov 2016 — An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. Desbordamiento de enteros durante el análisis de XML mediante la biblioteca Expat. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox... • http://www.securityfocus.com/bid/94337 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5292 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-5292
19 Nov 2016 — During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. Durante el análisis de URL, una URL maliciosamente manipulada podría provocar un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Rand... • http://www.securityfocus.com/bid/94337 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9067 – Ubuntu Security Notice USN-3124-1
https://notcve.org/view.php?id=CVE-2016-9067
19 Nov 2016 — Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Dos errores de uso de memoria previamente liberada durante operaciones DOM resultan en cierres inesperados potencialmente explotables. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fuji... • http://www.securityfocus.com/bid/94337 • CWE-416: Use After Free •