CVE-2016-2810
https://notcve.org/view.php?id=CVE-2016-2810
Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. Mozilla Firefox en versiones anteriores a 46.0 sobre Android en versiones anteriores a 5.0 permite a atacantes eludir requerimientos destinados al acceso Signature a través de una aplicación manipulada que aprovecha permisos content-provider, según lo demostrado por la lectura del historial del navegador o una contraseña guardada. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-41.html http://www.securitytracker.com/id/1035692 https://bugzilla.mozilla.org/show_bug.cgi?id=1229681 https://security.gentoo.org/glsa/201701-15 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-2813
https://notcve.org/view.php?id=CVE-2016-2813
Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. Mozilla Firefox en versiones anteriores a 46.0 sobre Android no restringe adecuadamente el acceso JavaScript a datos de orientation y motion, lo que permite a atacantes remotos obtener información sensible sobre el entorno de un dispositivo físico, y posiblemente descubrir valores de PIN, a través de un sitio web manipulado, un problema similar a CVE-2016-1780. • http://dl.acm.org/citation.cfm?id=2714650 http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-43.html http://www.securitytracker.com/id/1035692 https://bugzilla.mozilla.org/show_bug.cgi?id=1197901 https://security.gentoo.org/glsa/201701-15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-2809
https://notcve.org/view.php?id=CVE-2016-2809
The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. El actualizador Mozilla Maintenance Service en Mozilla Firefox en versiones anteriores a 46.0 sobre Windows permite a atacantes remotos asistidos por usuario eliminar archivos arbitrarios aprovechando la ejecución de un determinado archivo local. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-40.html http://www.securitytracker.com/id/1035692 https://bugzilla.mozilla.org/show_bug.cgi?id=1212939 https://security.gentoo.org/glsa/201701-15 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-2804
https://notcve.org/view.php?id=CVE-2016-2804
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 46.0 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-39.html http://www.securitytracker.com/id/1035692 http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://www.ubuntu.com/usn/USN-2936-3 https://bugzilla.mozilla.org/show_bug.cgi?id=1141382 https://bugzilla.mozilla.org/show_bug.cgi?id=1155328 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-2817
https://notcve.org/view.php?id=CVE-2016-2817
The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. La funcionalidad de sandbox WebExtension en browser/components/extensions/ext-tabs.js en Mozilla Firefox en versiones anteriores a 46.0 no restringe adecuadamente la herencia principal durante llamadas API chrome.tabs.create y chrome.tabs.update, lo que permite a atacantes remotos llevar a cabo ataques Universal XSS (UXSS) a través de una extensión manipulada que accede a una URL (1) javascript: o (2) data:. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.mozilla.org/security/announce/2016/mfsa2016-46.html http://www.securitytracker.com/id/1035692 http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://www.ubuntu.com/usn/USN-2936-3 https://bugzilla.mozilla.org/show_bug.cgi?id=1227462 https://security.gentoo.org/glsa/201701-15 • CWE-264: Permissions, Privileges, and Access Controls •