CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1943 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1943
31 Jan 2016 — Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. Mozilla Firefox en versiones anteriores a 44.0 en Android permite a atacantes remotos suplantar la barra de direcciones a través del método scrollTo. Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. Versions less than 4.12 are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-17: DEPRECATED: Code •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2016-1938 – Gentoo Linux Security Advisory 201701-46
https://notcve.org/view.php?id=CVE-2016-1938
27 Jan 2016 — The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. La función s_mp_div en lib/freebl/mpi/mpi.c en Mozilla Network Security Services (NSS) en versiones anteriores a 3.21, como se utiliza en Mozilla Firefox en versiones anteriores a 44.0... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1939 – Ubuntu Security Notice USN-2880-2
https://notcve.org/view.php?id=CVE-2016-1939
27 Jan 2016 — Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208. Mozilla Firefox en versiones anteriores a 44.0 almacena cookies con nombres que contienen caracteres de tabulación verticales, lo que permite a atacantes remotos obtener información sensible mediante la lectura de cabeceras HTTP Cookie. NOTA: esta ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2016-1946 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1946
27 Jan 2016 — The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata. La función MoofParser::Metadata en binding/MoofParser.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 44.0 no limita el tamaño de las operaciones de lectura, lo que podría p... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1933 – Ubuntu Security Notice USN-2880-2
https://notcve.org/view.php?id=CVE-2016-1933
27 Jan 2016 — Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image. Desbordamiento de entero en la funcionalidad image-deinterlacing en Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos causar una denegación de servicio (consumo de memoria o caída de aplicación) a través de una imagen GIF manipulada. Bob Clary, Christian Holler, Nils Ohlmeier, ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1937 – Ubuntu Security Notice USN-2880-2
https://notcve.org/view.php?id=CVE-2016-1937
27 Jan 2016 — The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. El diálogo del manejador de protocolo en Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de un sitio web manipulado que desencadena una acción de clic simple en una situación en la que se pretendía una ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 0CVE-2016-1935 – Mozilla: Buffer overflow in WebGL after out of memory allocation (MFSA 2016-03)
https://notcve.org/view.php?id=CVE-2016-1935
27 Jan 2016 — Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. Desbordamiento de buffer en la función BufferSubData en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permite a atacantes remotos ejecutar código arbitrario a través de contenido WebGL manipulado. Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carst... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1942 – Ubuntu Security Notice USN-2880-2
https://notcve.org/view.php?id=CVE-2016-1942
27 Jan 2016 — Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos asistidos por usuario suplantar una subcadena posterior en la barra de direcciones aprovechando lo que pega un usuario de un (1) wyciwyg: URI o (2) resource: URI. Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2016-1944 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1944
27 Jan 2016 — The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. La función Buffer11::NativeBuffer11::map en ANGLE, como se utiliza en Mozilla Firefox en versiones anteriores a 44.0, podría permitir a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vect... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1945 – Gentoo Linux Security Advisory 201605-06
https://notcve.org/view.php?id=CVE-2016-1945
27 Jan 2016 — The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive. La función nsZipArchive en Mozilla Firefox en versiones anteriores a 44.0 podría permitir a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento del uso incorrecto de un puntero durante el procesamient... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html •