CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2016-2835 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2835
05 Aug 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Multiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 48.0 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario ... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5260 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5260
05 Aug 2016 — Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file. Mozilla Firefox en versiones anteriores a 48.0 no maneja correctamente cambios de 'INPUT type="password"' a 'INPUT type="text"' dentro de una sola sesión Session Manager, lo que podría permitir a atacantes descubrir contraseñas en texto plano mediante la lectura de un arch... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5266 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5266
05 Aug 2016 — Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site. Mozilla Firefox en versiones anteriores a 48.0 no restringe adecuadamente acciones arrastrar y soltar (también conocido como dataTransfer) para file: URIs, lo que permite a atacantes remotos asistidos por usuario acceder a archivos locales a través de un sitio web manipulado. Gustavo Grieco discovered an out-... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-2837 – Mozilla Firefox ClearKeyDecryptor Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-2837
03 Aug 2016 — Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass. Desbordamiento de búfer basado en memoria dinámica en el ClearKey Content Decryption Module (CDM) en el Encrypted Media Extensions (EME) API en Mozilla Firefox en versiones anteriores a... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-5252 – Mozilla: Stack underflow during 2D graphics rendering (MFSA 2016-67)
https://notcve.org/view.php?id=CVE-2016-5252
03 Aug 2016 — Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations. Desbordamiento inferior de búfer basado en pila en la función mozilla::gfx::BasePoint4d en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 permite a atacantes remotos ejecutar códi... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-5265 – Mozilla: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-80)
https://notcve.org/view.php?id=CVE-2016-5265
03 Aug 2016 — Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory. Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 permite a atacantes remotos asistidos por usuario eludir el Same Origin Policy, y llevar a cabo ataques... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-5263 – Mozilla: Type confusion in display transformation (MFSA 2016-78)
https://notcve.org/view.php?id=CVE-2016-5263
03 Aug 2016 — The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion." La función nsDisplayList::HitTest en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 no maneja correctamente transformación de visualización de renderizado, lo que permite a atacantes remotos ejecutar códig... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2016-2836 – Mozilla: Miscellaneous memory safety hazards (rv:45.3) (MFSA 2016-62)
https://notcve.org/view.php?id=CVE-2016-2836
03 Aug 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 4... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 4%CPEs: 5EXPL: 0CVE-2016-2838 – Mozilla: Buffer overflow rendering SVG with bidirectional content (MFSA 2016-64)
https://notcve.org/view.php?id=CVE-2016-2838
03 Aug 2016 — Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document. Desbordamiento de búfer basado en memoria dinámica en la función nsBidi::BracketData::AddOpening en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 permite a atacantes remotos ejecutar código arbitrario a través de un contenido di... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 1CVE-2016-5258 – Mozilla: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72)
https://notcve.org/view.php?id=CVE-2016-5258
03 Aug 2016 — Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session. Vulnerabilidad de uso después de liberación de memoria en el hilo de toma WebRTC en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 permite a atacantes remotos ejecutar código arbitrario aprovech... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html • CWE-416: Use After Free •