CVSS: 7.5 • EPSS: 1% • CPEs: 13 • EXPL: 0

14 Dec 2016 — An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. • http://rhn.redhat.com/errata/RHSA-2016-2946.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

01 Dec 2016 — Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1. • http://www.securityfocus.com/bid/94569 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5 • EPSS: 85% • CPEs: 26 • EXPL: 8

01 Dec 2016 — A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. • https://packetstorm.news/files/id/140696 • CWE-416: Use After Free •

CVSS: 9.8 • EPSS: 3% • CPEs: 1 • EXPL: 0

19 Nov 2016 — Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. • http://www.securityfocus.com/bid/94337 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

19 Nov 2016 — During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Rand... • http://www.securityfocus.com/bid/94337 • CWE-20: Improper Input Validation •

CVSS: 9.8 • EPSS: 2% • CPEs: 9 • EXPL: 0

19 Nov 2016 — An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox... • http://www.securityfocus.com/bid/94337 • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5 • EPSS: 3% • CPEs: 1 • EXPL: 0

19 Nov 2016 — Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fuji... • http://www.securityfocus.com/bid/94337 • CWE-416: Use After Free •

CVSS: 7.5 • EPSS: 3% • CPEs: 1 • EXPL: 0

19 Nov 2016 — A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, E... • http://www.securityfocus.com/bid/94337 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Nov 2016 — A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus St... • http://www.securityfocus.com/bid/94337 • CWE-416: Use After Free •

CVSS: 8.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

19 Nov 2016 — A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50. • http://www.securityfocus.com/bid/94337 • CWE-264: Permissions, Privileges, and Access Controls •