CVE-2016-5287
https://notcve.org/view.php?id=CVE-2016-5287
A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2. Cierre inesperado por uso de memoria previamente liberada potencialmente explotable durante la destrucción de actores con trabajadores de servicio. Este problema no afecta a versiones anteriores a Firefox 49. • http://www.securityfocus.com/bid/93811 http://www.securitytracker.com/id/1037077 https://bugzilla.mozilla.org/show_bug.cgi?id=1309823 https://www.mozilla.org/security/advisories/mfsa2016-87 • CWE-416: Use After Free •
CVE-2016-5288
https://notcve.org/view.php?id=CVE-2016-5288
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2. El contenido web podría acceder a información en la caché HTTP si e10s está deshabilitado. • http://www.securityfocus.com/bid/93810 http://www.securitytracker.com/id/1037077 https://bugzilla.mozilla.org/show_bug.cgi?id=1310183 https://www.mozilla.org/security/advisories/mfsa2016-87 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5273
https://notcve.org/view.php?id=CVE-2016-5273
The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site. La función mozilla::a11y::HyperTextAccessible::GetChildOffset en la implementación de accesibilidad en Mozilla Firefox en versiones anteriores a 49.0 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado. • http://www.mozilla.org/security/announce/2016/mfsa2016-85.html http://www.securityfocus.com/bid/93052 http://www.securitytracker.com/id/1036852 https://bugzilla.mozilla.org/show_bug.cgi?id=1280387 https://security.gentoo.org/glsa/201701-15 • CWE-284: Improper Access Control •
CVE-2016-5279
https://notcve.org/view.php?id=CVE-2016-5279
Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. Mozilla Firefox en versiones anteriores a 49.0 permite a atacantes remotos asistidos por un usuario obtener información sensible de un nombre de ruta completo durante una operación de arrastrar y soltar de archivo local a través de código JavaScript manipulado. • http://www.mozilla.org/security/announce/2016/mfsa2016-85.html http://www.securityfocus.com/bid/93052 http://www.securitytracker.com/id/1036852 https://bugzilla.mozilla.org/show_bug.cgi?id=1249522 https://security.gentoo.org/glsa/201701-15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-2827
https://notcve.org/view.php?id=CVE-2016-2827
The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values. La función mozilla::net::IsValidReferrerPolicy en Mozilla Firefox en versiones anteriores a 49.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de aplicación) a través de una directiva de referencia Content Security Policy (CSP) con valores cero. • http://www.securityfocus.com/bid/93052 http://www.securitytracker.com/id/1036852 https://bugzilla.mozilla.org/show_bug.cgi?id=1289085 https://security.gentoo.org/glsa/201701-15 https://www.mozilla.org/security/advisories/mfsa2016-85 • CWE-125: Out-of-bounds Read •