CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1949 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1949
12 Feb 2016 — Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. Mozilla Firefox en versiones anteriores a 44.0.2 no restringe correctamente la interacción entre Service Workers y plugins, lo que permite a atacantes remotos eludir la Same Origin Policy a través de... • http://lists.opensuse.org/opensuse-updates/2016-02/msg00102.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1940 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1940
31 Jan 2016 — Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing. Mozilla Firefox en versiones anteriores a 44.0 en Android permite a atacantes remotos suplantar la barra de direcciones a través de un data: URL que se maneja incorrectamente durante el procesamiento de (1) la apertura de un acceso directo o (2) un BOOKMARK intent. Multiple vulnerabilities have been found in Firefox, Thunder... • http://www.mozilla.org/security/announce/2016/mfsa2016-05.html • CWE-17: DEPRECATED: Code •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1941 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1941
31 Jan 2016 — The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. El dialogo de descarga de archivo en Mozilla Firefox en versiones anteriores a 44.0 en OS X habilita un determinado botón muy rápido, lo que permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de un sitio... • http://www.mozilla.org/security/announce/2016/mfsa2016-08.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1943 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1943
31 Jan 2016 — Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. Mozilla Firefox en versiones anteriores a 44.0 en Android permite a atacantes remotos suplantar la barra de direcciones a través del método scrollTo. Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. Versions less than 4.12 are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-17: DEPRECATED: Code •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1948 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1948
31 Jan 2016 — Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream. Mozilla Firefox en versiones anteriores a 44.0 en Android no asegura que se utiliza HTTPS para una instalación lightweight-theme, lo que permite a atacantes man-in-the-middle reemplazar imágenes y colores de un tema modificando el flujo de datos cliente-servidor. Multiple vul... • http://www.mozilla.org/security/announce/2016/mfsa2016-12.html • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2016-1930 – Mozilla: Miscellaneous memory safety hazards (rv:38.6) (MFSA 2016-01)
https://notcve.org/view.php?id=CVE-2016-1930
27 Jan 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permiten a atacantes remotos causar una denegación de servicio (corru... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 4EXPL: 0CVE-2016-1931 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1931
27 Jan 2016 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 44.0 permiten a atacantes remotos causar una denegación de servicio (co... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 3%CPEs: 4EXPL: 0CVE-2016-1933 – Ubuntu Security Notice USN-2880-2
https://notcve.org/view.php?id=CVE-2016-1933
27 Jan 2016 — Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image. Desbordamiento de entero en la funcionalidad image-deinterlacing en Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos causar una denegación de servicio (consumo de memoria o caída de aplicación) a través de una imagen GIF manipulada. Bob Clary, Christian Holler, Nils Ohlmeier, ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2016-1935 – Mozilla: Buffer overflow in WebGL after out of memory allocation (MFSA 2016-03)
https://notcve.org/view.php?id=CVE-2016-1935
27 Jan 2016 — Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. Desbordamiento de buffer en la función BufferSubData en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permite a atacantes remotos ejecutar código arbitrario a través de contenido WebGL manipulado. Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carst... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1937 – Ubuntu Security Notice USN-2880-2
https://notcve.org/view.php?id=CVE-2016-1937
27 Jan 2016 — The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. El diálogo del manejador de protocolo en Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de un sitio web manipulado que desencadena una acción de clic simple en una situación en la que se pretendía una ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •