
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.

• http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1247239 https://www.mozilla.org/en-US/security/advisories/mfsa2013-44 https://www.mozilla.org/security/advisories/mfsa2016-89
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

A previously installed malicious Android application with the same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.

• http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1245791 https://www.mozilla.org/security/advisories/mfsa2016-89
• CWE-275: Permission Issues

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.

• http://www.securityfocus.com/bid/94342 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1306696 https://www.mozilla.org/security/advisories/mfsa2016-89
• CWE-20: Improper Input Validation

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1.

• http://www.securityfocus.com/bid/102039 http://www.securitytracker.com/id/1039954 https://bugzilla.mozilla.org/show_bug.cgi?id=1420001 https://www.mozilla.org/security/advisories/mfsa2017-27
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

If cursor visibility is toggled by script from 'none' to an image and back, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58.

• http://www.securityfocus.com/bid/102786 http://www.securitytracker.com/id/1040270 https://bugzilla.mozilla.org/show_bug.cgi?id=1423275 https://www.mozilla.org/security/advisories/mfsa2018-02
• CWE-20: Improper Input Validation