CVE-2016-5299
https://notcve.org/view.php?id=CVE-2016-5299
A previously installed malicious Android application with the same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1245791 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-275: Permission Issues •
CVE-2016-9065
https://notcve.org/view.php?id=CVE-2016-9065
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking the user from exiting it, and creating a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. • http://www.securityfocus.com/bid/94342 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1306696 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-20: Improper Input Validation •
CVE-2017-7844
https://notcve.org/view.php?id=CVE-2017-7844
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. • http://www.securityfocus.com/bid/102039 http://www.securitytracker.com/id/1039954 https://bugzilla.mozilla.org/show_bug.cgi?id=1420001 https://www.mozilla.org/security/advisories/mfsa2017-27 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-5110
https://notcve.org/view.php?id=CVE-2018-5110
If cursor visibility is toggled by script from 'none' to an image and back, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58. • http://www.securityfocus.com/bid/102786 http://www.securitytracker.com/id/1040270 https://bugzilla.mozilla.org/show_bug.cgi?id=1423275 https://www.mozilla.org/security/advisories/mfsa2018-02 • CWE-20: Improper Input Validation •
CVE-2017-5463
https://notcve.org/view.php?id=CVE-2017-5463
Android intents can be used to launch Firefox for Android in reader mode with a user-specified URL. This allows an attacker to spoof the contents of the address bar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://bugzilla.mozilla.org/show_bug.cgi?id=1338867 https://www.mozilla.org/security/advisories/mfsa2017-10 • CWE-20: Improper Input Validation •