CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5298
https://notcve.org/view.php?id=CVE-2016-5298
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. Un mecanismo donde la interrupción de la carga de una nueva página web puede provocar que los indicadores favicon y SSL de la página anterior no se restablezcan. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1227538 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2017-7760
https://notcve.org/view.php?id=CVE-2017-7760
The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://bugzilla.mozilla.org/show_bug.cgi?id=1348645 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 • CWE-417: Communication Channel Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-9061
https://notcve.org/view.php?id=CVE-2016-9061
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. Una aplicación Android maliciosa previamente instalada que define permisos específicos a nivel de firma empleados por Firefox puede acceder a claves API destinadas solo a Firefox. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1245795 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-275: Permission Issues •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5468
https://notcve.org/view.php?id=CVE-2017-5468
An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53. Se ha expuesto un problema con el modelo incorrecto de propiedad de la información "privateBrowsing" mediante las herramientas de desarrollador. Esto puede resultar en un cierre inesperado no explotable cuando se desencadena manualmente durante la depuración. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://bugzilla.mozilla.org/show_bug.cgi?id=1329521 https://www.mozilla.org/security/advisories/mfsa2017-10 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7768
https://notcve.org/view.php?id=CVE-2017-7768
The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://bugzilla.mozilla.org/show_bug.cgi?id=1336979 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •