CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-5390 – Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5390
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. El visor JSON en Developer Tools emplea métodos inseguros para crear un canal de comunicación para copiar y visualizar datos de cabeceras HTTP o JSON, lo que permite un potencial escalado de privilegios. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95769 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1297361 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.debian.org/security/2017/dsa-3832 https://www.mozilla.org/security/advisories/mfsa2017-01 http •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-5380 – Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5380
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Se ha encontrado un potencial uso de memoria previamente liberada mediante fuzzing durante la manipulación DOM del contenido SVG. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95769 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1322107 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.debian.org/security/2017/dsa-3832 https://www.mozilla.org/security/advisories/mfsa2017-01 http • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 12EXPL: 1CVE-2016-9905 – Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9905
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. Cierre inesperado potencialmente explotable en "EnumerateSubDocuments" al añadir o eliminar subdocumentos. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://rhn.redhat.com/errata/RHSA-2016-2973.html http://www.securityfocus.com/bid/94884 http://www.securitytracker.com/id/1037462 https://bugzilla.mozilla.org/show_bug.cgi?id=1293985 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2017/dsa-3757 https://www.mozilla.org/security/advisories/mfsa2016-95 https://www.mozilla.org/security/advisories/mfsa2016-96 https://access.redhat.com/security/cve/C • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2016-9902 – Mozilla: Pocket extension does not validate the origin of events (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9902
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. El botón de la barra de herramientas Pocket, una vez se activa, escucha eventos lanzados desde sus propias páginas, pero no verifica el origen de los eventos entrantes. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://rhn.redhat.com/errata/RHSA-2016-2973.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/show_bug.cgi?id=1320039 https://security.gentoo.org/glsa/201701-15 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org/security/advisories/mfsa2016-95 https://access.redhat.com/security/cve/CVE-2016-9902 https://bugzilla.redhat.com/show_bu • CWE-346: Origin Validation Error •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1CVE-2016-9898 – Mozilla: Use-after-free in Editor while manipulating DOM subtrees (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9898
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Uso de memoria previamente liberada que resulta en un cierre inesperado potencialmente explotable al manipular subárboles DOM en el Editor. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/show_bug.cgi?id=1314442 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2017/dsa-3757 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org/security/advisories/mfsa2016-95 https://www.mozilla.org/security/advisories/mfsa2016-96 https://access.redhat.com/security/cve&#x • CWE-416: Use After Free •