CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5181
https://notcve.org/view.php?id=CVE-2018-5181
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60. Si una URL que utiliza el protocolo "file:" es arrastrada y soltada en una pestaña abierta que se está ejecutando en un proceso hijo diferente, la pestaña abrirá un archivo local correspondiente a la URL soltada, algo que va en contra de la política. Una forma de hacer que la pestaña de destino se abra de forma más fiable en un proceso separado es abrirla con la palabra clave "noopener". • http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://bugzilla.mozilla.org/show_bug.cgi?id=1424107 https://usn.ubuntu.com/3645-1 https://www.mozilla.org/security/advisories/mfsa2018-11 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5167
https://notcve.org/view.php?id=CVE-2018-5167
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60. • http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://bugzilla.mozilla.org/show_bug.cgi?id=1447969 https://usn.ubuntu.com/3645-1 https://www.mozilla.org/security/advisories/mfsa2018-11 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5175
https://notcve.org/view.php?id=CVE-2018-5175
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. Un mecanismo para omitir las protecciones de la Política de Seguridad de Contenidos (CSP) en sitios que tienen una política "script-src" de "strict-dynamic". Si un sitio web objetivo contiene una vulnerabilidad de inyección HTML, el atacante podría inyectar una referencia a una copia de la librería "require.js" que forma parte de las herramientas de desarrollo de Firefox y, a continuación, utilizar una técnica conocida que utilice dicha librería para omitir las restricciones del CSP sobre la ejecución de scripts inyectados. • http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://bugzilla.mozilla.org/show_bug.cgi?id=1432358 https://usn.ubuntu.com/3645-1 https://www.mozilla.org/security/advisories/mfsa2018-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5160
https://notcve.org/view.php?id=CVE-2018-5160
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60. WebRTC puede utilizar un búfer de píxeles "WrappedI420Buffer", pero el objeto owning image puede liberarse mientras está en uso. Esto puede provocar que el codificador WebRTC utilice memoria no inicializada, lo que puede provocar un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://bugzilla.mozilla.org/show_bug.cgi?id=1436117 https://usn.ubuntu.com/3645-1 https://www.mozilla.org/security/advisories/mfsa2018-11 • CWE-416: Use After Free CWE-908: Use of Uninitialized Resource •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5176
https://notcve.org/view.php?id=CVE-2018-5176
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60. JSON Viewer muestra hipervínculos que se pueden hacer clic en ellos para cadenas que son analizables sintácticamente como URL, incluyendo enlaces "javascript:". • http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://bugzilla.mozilla.org/show_bug.cgi?id=1442840 https://usn.ubuntu.com/3645-1 https://www.mozilla.org/security/advisories/mfsa2018-11 • CWE-20: Improper Input Validation •