CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5295
https://notcve.org/view.php?id=CVE-2016-5295
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50. Esta vulnerabilidad permite que un atacante emplee Mozilla Maintenance Service para escalar privilegios haciendo que Maintenance Service invoque a Mozilla Updater para ejecutar archivos locales maliciosos. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1247239 https://www.mozilla.org/en-US/security/advisories/mfsa2013-44 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5138
https://notcve.org/view.php?id=CVE-2018-5138
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59. • http://www.securityfocus.com/bid/103386 http://www.securitytracker.com/id/1040514 https://bugzilla.mozilla.org/show_bug.cgi?id=1432624 https://www.mozilla.org/security/advisories/mfsa2018-06 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5299
https://notcve.org/view.php?id=CVE-2016-5299
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. Una aplicación Android maliciosa previamente instalada con los mismos permisos a nivel de firma que Firefox puede interceptar AuthTokens destinados solo a Firefox. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1245791 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-275: Permission Issues •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5468
https://notcve.org/view.php?id=CVE-2017-5468
An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53. Se ha expuesto un problema con el modelo incorrecto de propiedad de la información "privateBrowsing" mediante las herramientas de desarrollador. Esto puede resultar en un cierre inesperado no explotable cuando se desencadena manualmente durante la depuración. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://bugzilla.mozilla.org/show_bug.cgi?id=1329521 https://www.mozilla.org/security/advisories/mfsa2017-10 • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5392
https://notcve.org/view.php?id=CVE-2017-5392
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Los objetos proxy débiles tienen referencias débiles en múltiples hilos cuando solo deberían tenerlas en uno, lo que resulta en un uso incorrecto y una corrupción de la memoria, lo que conduce a potenciales cierres inesperados. • http://www.securityfocus.com/bid/95763 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1293709 https://www.mozilla.org/security/advisories/mfsa2017-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •