CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18496
https://notcve.org/view.php?id=CVE-2018-18496
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64. Cuando la página about:feeds de la previsualización de feeds RSS se enmarca dentro de otra página, puede utilizarse en conjunto con contenido programado para llevar a cabo un ataque de secuestro de clics que confunde a los usuarios para que descarguen y ejecuten un archivo ejecutable desde un directorio temporal. • http://www.securityfocus.com/bid/106167 https://bugzilla.mozilla.org/show_bug.cgi?id=1422231 https://www.mozilla.org/security/advisories/mfsa2018-29 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18495
https://notcve.org/view.php?id=CVE-2018-18495
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64. Se pueden cargar los scripts del contenido de WebExtensions en páginas about:, en algunas circunstancias, en violación de los permisos otorgados a las extensiones. Esto podría permitir a una extensión interferir con la carga y el uso de estas páginas y utilizar capacidades que deberían estar restringidas para extensiones. • http://www.securityfocus.com/bid/106167 https://bugzilla.mozilla.org/show_bug.cgi?id=1427585 https://usn.ubuntu.com/3844-1 https://www.mozilla.org/security/advisories/mfsa2018-29 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 2CVE-2018-12406
https://notcve.org/view.php?id=CVE-2018-12406
Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 63. Algunos de estos errores mostraban evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/106167 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129 https://usn.ubuntu.com/3844-1 https://www.mozilla.org/security/advisories/mfsa2018-29 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-12402
https://notcve.org/view.php?id=CVE-2018-12402
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies. This vulnerability affects Firefox < 63. • http://www.securityfocus.com/bid/105721 http://www.securitytracker.com/id/1041944 https://bugzilla.mozilla.org/show_bug.cgi?id=1447087 https://bugzilla.mozilla.org/show_bug.cgi?id=1469916 https://usn.ubuntu.com/3801-1 https://www.mozilla.org/security/advisories/mfsa2018-26 • CWE-346: Origin Validation Error •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18503
https://notcve.org/view.php?id=CVE-2018-18503
When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65. Cuando se utiliza JavaScript para crear y manipular un búfer de audio, podría ocurrir un cierre inesperado explotable debido a una no coincidencia de un compartimento en algunas situaciones. Esta vulnerabilidad afecta a las versiones anteriores a la 65 de Firefox. • http://www.securityfocus.com/bid/106773 https://usn.ubuntu.com/3874-1 https://www.mozilla.org/security/advisories/mfsa2019-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •