CVE-2017-7767
https://notcve.org/view.php?id=CVE-2017-7767
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://bugzilla.mozilla.org/show_bug.cgi?id=1336964 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 • CWE-269: Improper Privilege Management •
CVE-2016-5298
https://notcve.org/view.php?id=CVE-2016-5298
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1227538 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-20: Improper Input Validation •
CVE-2017-5425
https://notcve.org/view.php?id=CVE-2017-5425
The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS X, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. • http://www.securityfocus.com/bid/96692 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1322716 https://www.mozilla.org/security/advisories/mfsa2017-05 https://www.mozilla.org/security/advisories/mfsa2017-09 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9062
https://notcve.org/view.php?id=CVE-2016-9062
Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1294438 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5294
https://notcve.org/view.php?id=CVE-2016-5294
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. • http://www.securityfocus.com/bid/94336 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1246972 https://security.gentoo.org/glsa/201701-15 https://www.mozilla.org/security/advisories/mfsa2016-89 https://www.mozilla.org/security/advisories/mfsa2016-90 https://www.mozilla.org/security/advisories/mfsa2016-93 • CWE-20: Improper Input Validation •