CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-12399
https://notcve.org/view.php?id=CVE-2018-12399
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63. Cuando se registra un nuevo manipulador de protocolos, la API acepta un argumento de títulos que puede utilizarse para engañar a los usuarios para que duden sobre el dominio que está registrando el nuevo protocolo. Esto puede provocar que el usuario apruebe un manipulador de protocolo que normalmente no tendría. • http://www.securityfocus.com/bid/105721 http://www.securitytracker.com/id/1041944 https://bugzilla.mozilla.org/show_bug.cgi?id=1490276 https://usn.ubuntu.com/3801-1 https://www.mozilla.org/security/advisories/mfsa2018-26 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-12395 – Mozilla: WebExtension bypass of domain restrictions through header rewriting
https://notcve.org/view.php?id=CVE-2018-12395
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Al reescribir las cabeceras "Host: request" que utilizan la API webRequest, WebExtensions pueden omitir las restricciones de dominio mediante la fronting del dominio. Esto permitiría el acceso a dominios, cuyo acceso es normalmente restringido, que comparten un host. • http://www.securityfocus.com/bid/105718 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://bugzilla.mozilla.org/show_bug.cgi?id=1467523 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://security.gentoo.org/glsa/201811-04 https://usn.ubuntu.com/3801-1 https://www.debian.org/security/2018/dsa-4324 https://www.mozilla.org/security/advisories/mfsa2018-26&# • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2018-12382
https://notcve.org/view.php?id=CVE-2018-12382
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.* La URL de la barra de direcciones mostrada puede suplantarse en Firefox para Android mediante un URI javascript: con JavaScript para insertar texto antes del nombre de dominio cargado, desplazando el dominio cargado fuera de la vista hacia la derecha. Esto puede conducir a una confusión de usuarios. *Esta vulnerabilidad solo afecta a Firefox para Android en versiones anteriores a la 62 *. • http://www.securityfocus.com/bid/105276 http://www.securitytracker.com/id/1041610 https://bugzilla.mozilla.org/show_bug.cgi?id=1479311 https://www.mozilla.org/security/advisories/mfsa2018-20 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 37%CPEs: 16EXPL: 1CVE-2018-12387 – Mozilla: stack out-of-bounds read in Array.prototype.push
https://notcve.org/view.php?id=CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Vulnerabilidad por la cual el compilador JIT de JavaScript inserta Array.prototype.push con múltiples argumentos que resultan en que el puntero de la pila está fuera de su sitio por 8 bytes tras un bailout. Esto filtra una dirección de memoria a la función llamante que puede emplearse como parte de un exploit dentro del proceso de contenido en sandbox. • http://www.securityfocus.com/bid/105460 http://www.securitytracker.com/id/1041770 https://access.redhat.com/errata/RHSA-2018:2881 https://access.redhat.com/errata/RHSA-2018:2884 https://bugzilla.mozilla.org/show_bug.cgi?id=1493903 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3778-1 https://www.debian.org/security/2018/dsa-4310 https://www.mozilla.org/security/advisories/mfsa2018-24 https://access.redhat.com/security/cve/CVE-2018-12387 https:/&#x • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 25%CPEs: 5EXPL: 1CVE-2018-12368
https://notcve.org/view.php?id=CVE-2018-12368
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. • http://www.securityfocus.com/bid/104560 http://www.securitytracker.com/id/1041193 https://bugzilla.mozilla.org/show_bug.cgi?id=1468217 https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39 https://security.gentoo.org/glsa/201810-01 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org/security/advisories/mfsa2018-16 https://www.mozilla.org/security/advisories/mfsa2018-17 https://www.mozilla.org/security/advisories/mfsa2018-18 https://www&# •