CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-2829
https://notcve.org/view.php?id=CVE-2016-2829
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission. Mozilla Firefox en versiones anteriores a 47.0 permite a atacantes remotos suplantar notificaciones de permisos a través de un sitio web manipulado que rápidamente desencadena peticiones de permisos, según lo demostrado mediante el permiso de micrófono o el permiso de geolocalización. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.mozilla.org/security/announce/2016/mfsa2016-57.html http://www.securitytracker.com/id/1036057 http://www.ubuntu.com/usn/USN-2993-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1248329 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-2832
https://notcve.org/view.php?id=CVE-2016-2832
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. Mozilla Firefox en versiones anteriores a 47.0 permite a atacantes remotos descubrir la lista de plugins deshabilitadas a través de un ataque de huellas dactilares involucrando pseudo clases Cascading Style Sheets (CSS). • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.mozilla.org/security/announce/2016/mfsa2016-59.html http://www.securitytracker.com/id/1036057 http://www.ubuntu.com/usn/USN-2993-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1025267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 1%CPEs: 15EXPL: 0CVE-2016-2834 – nss: Multiple security flaws (MFSA 2016-61)
https://notcve.org/view.php?id=CVE-2016-2834
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Mozilla Network Security Services (NSS) en versiones anteriores a3.23, tal como se utiliza en Mozilla Firefox en versiones anteriores a 47.0, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.debian.org/security/2016/dsa-3688 http://www.mozilla.org/security/announce/2016/mfsa2016-61.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/secur •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2016-2818 – Mozilla: Miscellaneous memory safety hazards (rv:45.2) (MFSA 2016-49)
https://notcve.org/view.php?id=CVE-2016-2818
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html http://www.debian.org/security/2016/dsa-3600 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 0CVE-2016-2821 – Mozilla: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51)
https://notcve.org/view.php?id=CVE-2016-2821
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor. Vulnerabilidad de uso después de liberación de memoria en la clase mozilla::dom::Element en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2, cuando el modo contenteditable está habilitado, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de la memoria dinámica) desencadenando la eliminación de elementos DOM que fueron creados por el editor. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.debian.org/security/2016/dsa-3600 http://www.mozilla.org/security/announce/2016/mfsa2016-51.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91075 http://www.securitytracker.com/id/1036057 http&# •