CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9073
https://notcve.org/view.php?id=CVE-2016-9073
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. WebExtensions puede omitir las comprobaciones de seguridad para cargar URL privilegiadas y escapar del sandbox de WebExtension. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1289273 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9067
https://notcve.org/view.php?id=CVE-2016-9067
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Dos errores de uso de memoria previamente liberada durante operaciones DOM resultan en cierres inesperados potencialmente explotables. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1301777 https://bugzilla.mozilla.org/show_bug.cgi?id=1308922 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5289
https://notcve.org/view.php?id=CVE-2016-5289
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. Se han reportado errores de seguridad de memoria en Firefox 49. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9077
https://notcve.org/view.php?id=CVE-2016-9077
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. Canvas permite el uso del filtro "feDisplacementMap" en Cross-Origin cargado en imágenes. El renderizado realizado por el filtro es variable dependiendo del píxel de entrada, lo que permite ataques de sincronización cuando las imágenes se cargan desde ubicaciones de terceros. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1298552 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9069
https://notcve.org/view.php?id=CVE-2016-9069
A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Un error de uso de memoria previamente liberada en nsINode::ReplaceOrInsertBefore durante operaciones DOM resultan en cierres inesperados potencialmente explotables. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1308922 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-416: Use After Free •