CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9077
https://notcve.org/view.php?id=CVE-2016-9077
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. Canvas permite el uso del filtro "feDisplacementMap" en Cross-Origin cargado en imágenes. El renderizado realizado por el filtro es variable dependiendo del píxel de entrada, lo que permite ataques de sincronización cuando las imágenes se cargan desde ubicaciones de terceros. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1298552 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9069
https://notcve.org/view.php?id=CVE-2016-9069
A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Un error de uso de memoria previamente liberada en nsINode::ReplaceOrInsertBefore durante operaciones DOM resultan en cierres inesperados potencialmente explotables. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1308922 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-9074
https://notcve.org/view.php?id=CVE-2016-9074
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Una mitigación existente de los ataques de sincronización por canal lateral es insuficiente en determinadas circunstancias. Este problema se aborda en Network Security Services (NSS) 3.26.1. • http://www.securityfocus.com/bid/94341 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1293334 https://security.gentoo.org/glsa/201701-15 https://security.gentoo.org/glsa/201701-46 https://www.debian.org/security/2016/dsa-3730 https://www.mozilla.org/security/advisories/mfsa2016-89 https://www.mozilla.org/security/advisories/mfsa2016-90 https://www.mozilla.org/security/advisories/mfsa2016-93 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2016-5296 – Mozilla: Heap-buffer-overflow WRITE in rasterize_edges_1 (MFSA 2016-89, MFSA 2016-90)
https://notcve.org/view.php?id=CVE-2016-5296
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Un desbordamiento de búfer basado en memoria dinámica (heap) en Cairo al procesar contenido SVG generado por la optimización del compilador resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.5, Firefox ESR en versiones anteriores a la 45.5 y Firefox en versiones anteriores a la 50. • http://rhn.redhat.com/errata/RHSA-2016-2780.html http://www.securityfocus.com/bid/94339 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1292443 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2016/dsa-3730 https://www.mozilla.org/security/advisories/mfsa2016-89 https://www.mozilla.org/security/advisories/mfsa2016-90 https://www.mozilla.org/security/advisories/mfsa2016-93 https://access.redhat.com/security/cve&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2016-9066 – Mozilla: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (MFSA 2016-89, MFSA 2016-90)
https://notcve.org/view.php?id=CVE-2016-9066
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Un desbordamiento de búfer que resulta en un cierre inesperado potencialmente explotable debido a problemas de asignación de memoria al gestionar grandes cantidades de datos entrantes. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.5, Firefox ESR en versiones anteriores a la 45.5 y Firefox en versiones anteriores a la 50. • http://rhn.redhat.com/errata/RHSA-2016-2780.html http://www.securityfocus.com/bid/94336 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1299686 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2016/dsa-3730 https://www.mozilla.org/security/advisories/mfsa2016-89 https://www.mozilla.org/security/advisories/mfsa2016-90 https://www.mozilla.org/security/advisories/mfsa2016-93 https://access.redhat.com/security/cve&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •