CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5394
https://notcve.org/view.php?id=CVE-2017-5394
A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Ataque de suplantación de barra de direcciones donde la barra de direcciones de la página cargada se mostrará sobre el contenido de otra pestaña debido a la combinación de una serie de eventos JavaScript con el modo de ventana completa. • http://www.securityfocus.com/bid/95763 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1222798 https://www.mozilla.org/security/advisories/mfsa2017-01 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-5409
https://notcve.org/view.php?id=CVE-2017-5409
The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52. El actualizador Mozilla para Windows puede ser llamado por un usuario sin privilegios para eliminar un archivo local arbitrario pasando una ruta especial al parámetro callback mediante Mozilla Maintenance Service, que tiene acceso privilegiado. • http://www.securityfocus.com/bid/96696 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1321814 https://www.mozilla.org/security/advisories/mfsa2017-05 https://www.mozilla.org/security/advisories/mfsa2017-06 • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5110
https://notcve.org/view.php?id=CVE-2018-5110
If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58. Si la visibilidad del cursor se cambia con un script usando desde "nada" hasta una imagen y viceversa a través del script, el cursor se vuelve temporalmente invisible en Firefox. • http://www.securityfocus.com/bid/102786 http://www.securitytracker.com/id/1040270 https://bugzilla.mozilla.org/show_bug.cgi?id=1423275 https://www.mozilla.org/security/advisories/mfsa2018-02 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-5411
https://notcve.org/view.php?id=CVE-2017-5411
A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. • http://www.securityfocus.com/bid/96692 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1325511 https://www.mozilla.org/security/advisories/mfsa2017-05 https://www.mozilla.org/security/advisories/mfsa2017-09 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7804
https://notcve.org/view.php?id=CVE-2017-7804
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. • http://www.securityfocus.com/bid/100234 http://www.securitytracker.com/id/1039124 https://bugzilla.mozilla.org/show_bug.cgi?id=1372849 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 https://www.mozilla.org/security/advisories/mfsa2017-20 • CWE-20: Improper Input Validation •