CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2810 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2810
30 Apr 2016 — Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. Mozilla Firefox en versiones anteriores a 46.0 sobre Android en versiones anteriores a 5.0 permite a atacantes eludir requerimientos destinados al acceso Signature a través de una aplicación manipulada que aprovecha permisos content-provider, según lo demos... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-2809 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2809
30 Apr 2016 — The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. El actualizador Mozilla Maintenance Service en Mozilla Firefox en versiones anteriores a 46.0 sobre Windows permite a atacantes remotos asistidos por usuario eliminar archivos arbitrarios aprovechando la ejecución de un determinado archivo local. Multiple vulnerabilities have been found in Mozilla Firefox, SeaMonkey, and... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2813 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2813
30 Apr 2016 — Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. Mozilla Firefox en versiones anteriores a 46.0 sobre Android no restringe adecuadamente el acceso JavaScript a datos de orientation y motion, lo que permite a atacantes remotos obtener información sensib... • http://dl.acm.org/citation.cfm?id=2714650 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 3%CPEs: 17EXPL: 0CVE-2016-2804 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2804
28 Apr 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 46.0 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 6%CPEs: 1EXPL: 0CVE-2016-2811 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2811
28 Apr 2016 — Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method. Vulnerabilidad de uso después de liberación de memoria en la clase ServiceWorkerInfo en el subsistema Service Worker en Mozilla Firefox en versiones anteriores a 46.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el método BeginReading. Christi... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-2812 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2812
28 Apr 2016 — Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. Condición de carrera en la implementación de get en la clase ServiceWorkerManager en el subsistema Service Worker en Mozilla Firefox en versiones anteriores a 46.0 permite a atacantes remotos ejecutar código arbitrario o provocar u... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2816 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2816
28 Apr 2016 — Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. Mozilla Firefox en versiones anteriores a 46.0 permite a atacantes remotos eludir el mecanismo de protección Content Security Policy (CSP) a través del tipo de contenido multipart/x-mixed-replace. USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync ... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2817 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2817
28 Apr 2016 — The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. La funcionalidad de sandbox WebExtension en browser/components/extensions/ext-tabs.js en Mozilla Firefox en versiones anteriores a 46.0 no restringe a... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-2820 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-2820
28 Apr 2016 — The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. La funcionalidad Firefox Health Reports (también conocida como FHR o about:healthreport) en Mozilla Firefox en versiones anteriores a 46.0 no restringe adecuadamente el origen de eventos, lo que facilita a atacantes remotos modificar ... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 2%CPEs: 7EXPL: 0CVE-2016-2806 – Mozilla: Miscellaneous memory safety hazards (rv:46.0 / rv:45.1) (MFSA 2016-39)
https://notcve.org/view.php?id=CVE-2016-2806
26 Apr 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 46.0 y Firefox ESR 45.x en versiones anteriores a 45.1 permiten a atacantes remotos provocar una denegación de servicio (cor... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •