CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5397
https://notcve.org/view.php?id=CVE-2017-5397
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3. El directorio cache en el sistema de archivos local está establecido para que tenga permisos de escritura global. • http://www.securityfocus.com/bid/96144 https://bugzilla.mozilla.org/show_bug.cgi?id=1337304 https://www.mozilla.org/security/advisories/mfsa2017-04 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7782
https://notcve.org/view.php?id=CVE-2017-7782
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Error en "WindowsDllDetourPatcher", donde un bloque 4k RWX ("Read/Write/Execute") se asigna, pero nunca se proteje, violando las protecciones DEP. • http://www.securityfocus.com/bid/100243 http://www.securitytracker.com/id/1039124 https://bugzilla.mozilla.org/show_bug.cgi?id=1344034 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 https://www.mozilla.org/security/advisories/mfsa2017-20 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5169
https://notcve.org/view.php?id=CVE-2018-5169
If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60. Si se manipula el texto hipervinculado que contiene una URL "chrome:" y se arrastra y suelta en el icono "home", la página de inicio se puede restablecer para incluir una página chrome que normalmente no es enlazable como una de las pestañas de la página de inicio. Esta vulnerabilidad afecta a las versiones anteriores a la 60 de Firefox. • http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://bugzilla.mozilla.org/show_bug.cgi?id=1319157 https://usn.ubuntu.com/3645-1 https://www.mozilla.org/security/advisories/mfsa2018-11 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5153
https://notcve.org/view.php?id=CVE-2018-5153
If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60. Si se envían datos de sockets web con texto mixto y binario en un solo mensaje, los datos binarios pueden corromperse. Esto puede resultar en una lectura fuera de límites con la memoria de lectura enviada al servidor de origen en respuesta. • http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://bugzilla.mozilla.org/show_bug.cgi?id=1436809 https://usn.ubuntu.com/3645-1 https://www.mozilla.org/security/advisories/mfsa2018-11 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5166
https://notcve.org/view.php?id=CVE-2018-5166
WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60. WebExtensions puede utilizar la redirección de peticiones y un filtro "filterReponseData" para eludir la configuración de permisos del host para redirigir el tráfico de red y acceder al contenido de un host para el que no tienen permiso explícito del usuario. Esta vulnerabilidad afecta a las versiones anteriores a la 60 de Firefox. • http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://bugzilla.mozilla.org/show_bug.cgi?id=1437325 https://usn.ubuntu.com/3645-1 https://www.mozilla.org/security/advisories/mfsa2018-11 • CWE-269: Improper Privilege Management •