CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2018-5093
https://notcve.org/view.php?id=CVE-2018-5093
A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. Podría ocurrir un desbordamiento de búfer basado en memoria dinámica (heap) en WebAssembly durante el redimensionamiento de Memory/Table, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 58 de Firefox. • http://www.securityfocus.com/bid/102786 http://www.securitytracker.com/id/1040270 https://bugzilla.mozilla.org/show_bug.cgi?id=1415291 https://usn.ubuntu.com/3544-1 https://www.mozilla.org/security/advisories/mfsa2018-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2018-5094
https://notcve.org/view.php?id=CVE-2018-5094
A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. Podría ocurrir un desbordamiento de búfer basado en memoria dinámica (heap) en WebAssembly cuando se llama a "shrinkElements" seguido de la recolección de basura (garbage collection) en la memoria que ahora está sin inicializar. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102786 http://www.securitytracker.com/id/1040270 https://bugzilla.mozilla.org/show_bug.cgi?id=1415883 https://usn.ubuntu.com/3544-1 https://www.mozilla.org/security/advisories/mfsa2018-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5101
https://notcve.org/view.php?id=CVE-2018-5101
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipulan elementos de estilo "first-letter" flotantes, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 58 de Firefox. • http://www.securityfocus.com/bid/102786 http://www.securitytracker.com/id/1040270 https://bugzilla.mozilla.org/show_bug.cgi?id=1417661 https://usn.ubuntu.com/3544-1 https://www.mozilla.org/security/advisories/mfsa2018-02 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5109
https://notcve.org/view.php?id=CVE-2018-5109
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58. Se puede iniciar una sesión de captura de audio bajo un origen incorrecto desde el sitio enviando una petición de captura. Se les pedirán a los usuarios que permitan la petición pero el mensaje puede mostrar un origen erróneo, confundiendo al usuario sobre qué sitio está realizando la petición para capturar una transmisión de audio. • http://www.securityfocus.com/bid/102786 http://www.securitytracker.com/id/1040270 https://bugzilla.mozilla.org/show_bug.cgi?id=1405599 https://usn.ubuntu.com/3544-1 https://www.mozilla.org/security/advisories/mfsa2018-02 • CWE-346: Origin Validation Error •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5118
https://notcve.org/view.php?id=CVE-2018-5118
The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58. Las imágenes de captura de pantalla que se muestran en la página Activity Stream que aparece cuando se abre una nueva pestaña se crean a partir de las etiquetas meta de los sitios web. • http://www.securityfocus.com/bid/102786 http://www.securitytracker.com/id/1040270 https://bugzilla.mozilla.org/show_bug.cgi?id=1420049 https://usn.ubuntu.com/3544-1 https://www.mozilla.org/security/advisories/mfsa2018-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •