CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 0CVE-2016-2828 – Mozilla: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56)
https://notcve.org/view.php?id=CVE-2016-2828
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool. Vulnerabilidad de uso después de liberación de memoria en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos ejecutar código arbitrario a través de un contenido WebGL que desencadena acceso de textura después de la destrucción de la papelera de reciclaje de texturas. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.debian.org/security/2016/dsa-3600 http://www.mozilla.org/security/announce/2016/mfsa2016-56.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91075 http://www.securitytracker.com/id/1036057 http&# •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2016-2831 – Mozilla: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58)
https://notcve.org/view.php?id=CVE-2016-2831
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 no asegura que el usuario apruebe los ajustes de pantalla completa y pointerlock, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción de UI), o llevar a cabo ataques de clickjacking o de suplantación, a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.debian.org/security/2016/dsa-3600 http://www.mozilla.org/security/announce/2016/mfsa2016-58.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91075 http://www.securitytracker.com/id/1036057 http&# • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2016-2822 – Mozilla: Addressbar spoofing though the SELECT element (MFSA 2016-52)
https://notcve.org/view.php?id=CVE-2016-2822
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos suplantar la barra de dirección a través de un elemento SELECT con un menú persistente. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.debian.org/security/2016/dsa-3600 http://www.mozilla.org/security/announce/2016/mfsa2016-52.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91075 http://www.securitytracker.com/id/1036057 http&# • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 3%CPEs: 17EXPL: 0CVE-2016-2804
https://notcve.org/view.php?id=CVE-2016-2804
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 46.0 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-39.html http://www.securitytracker.com/id/1035692 http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://www.ubuntu.com/usn/USN-2936-3 https://bugzilla.mozilla.org/show_bug.cgi?id=1141382 https://bugzilla.mozilla.org/show_bug.cgi?id=1155328 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 16%CPEs: 17EXPL: 0CVE-2016-2814 – Mozilla: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44)
https://notcve.org/view.php?id=CVE-2016-2814
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. Desbordamiento de buffer basado en memoria dinámica en la función stagefright::SampleTable::parseSampleCencInfo en libstagefright en Mozilla Firefox en versiones anteriores a 46.0, Firefox ESR 38.x en versiones anteriores a 38.8 y Firefox ESR 45.x en versiones anteriores a 45.1 permite a atacantes remotos ejecutar código arbitrario a través de desplazamientos CENC manipulados que conducen a administración incorrecta de la tabla de tamaños • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://rhn.redhat.com/errata/RHSA-2016-0695.html http://www.debian.org/security/2016/dsa-3559 http://www.mozilla.org/security/ann • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •