CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5271 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5271
22 Sep 2016 — The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property. La función PropertyProvider::GetSpacingInternal en Mozilla Firefox en versiones anteriores a 49.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de aplicación) a través de carreras de texto... • http://www.mozilla.org/security/announce/2016/mfsa2016-85.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5283 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5283
22 Sep 2016 — Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized. Mozilla Firefox en versiones anteriores a 49.0 permite a atacantes remotos eludir la Same Origin Policy a través de un identificador de fragmento manipulado en el atributo SRC de un elemento IFRAME, dando lugar a restricciones insuficientes en información de... • http://www.mozilla.org/security/announce/2016/mfsa2016-85.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2016-5275 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5275
22 Sep 2016 — Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering. Desbordamiento de búfer en la función mozilla::gfx::FilterSupport::ComputeSourceNeededRegions en Mozilla Firefox en versiones anteriores a 49.0 permite a atacantes remotos ejecutar código arbitrario aprovechando interacción indebida entre filtros vacíos y ... • http://www.mozilla.org/security/announce/2016/mfsa2016-85.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5282 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5282
22 Sep 2016 — Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource. Mozilla Firefox en versiones anteriores a 49.0 no restringe adecuadamente el esquema en peticiones favicon, lo que podría permitir a atacantes remotos obtener información sensible a través de vectores no especificados, según lo demostrado por una URL jar: para un recurso favicon... • http://www.mozilla.org/security/announce/2016/mfsa2016-85.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2827 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2827
22 Sep 2016 — The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values. La función mozilla::net::IsValidReferrerPolicy en Mozilla Firefox en versiones anteriores a 49.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de aplicación) a través de una directiva de referencia Content Secur... • http://www.securityfocus.com/bid/93052 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5279 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5279
22 Sep 2016 — Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. Mozilla Firefox en versiones anteriores a 49.0 permite a atacantes remotos asistidos por un usuario obtener información sensible de un nombre de ruta completo durante una operación de arrastrar y soltar de archivo local a través de código JavaScript manipulado. Atte Kettunen discovered an out-of-bounds read when handling cert... • http://www.mozilla.org/security/announce/2016/mfsa2016-85.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2016-5256 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5256
22 Sep 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de búsqueda en Mozilla Firefox en versiones anteriores a 49.0 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a... • http://www.mozilla.org/security/announce/2016/mfsa2016-85.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2016-5272 – Mozilla: Bad cast in nsImageGeometryMixin (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5272
21 Sep 2016 — The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site. La clase nsImageGeometryMixin en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en versiones anteriores a la 45.4 no devuelve correctamente una variable... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2016-5270 – Mozilla: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5270
21 Sep 2016 — Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. Desbordamiento de búfer basado en memoria dinámica (heap) en la función nsCaseTransformTextRunFactory::TransformString en Mozilla Firefox en vers... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2016-5284 – Mozilla: Add-on update site certificate pin expiration (MFSA 2016-85, MFSA 2016-86)
https://notcve.org/view.php?id=CVE-2016-5284
21 Sep 2016 — Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en versiones anteriores a la 45.4 confían e... • http://rhn.redhat.com/errata/RHSA-2016-1912.html • CWE-20: Improper Input Validation •