CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2016-1931
https://notcve.org/view.php?id=CVE-2016-1931
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 44.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores relacionados con memoria sin inicializar encontrados durante la compresión de datos brotli y otros vectores. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-01.html http://www.securityfocus.com/bid/81953 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1180064 https://bugzilla.mozilla.org/show_bug.cgi?id=1186973 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1937
https://notcve.org/view.php?id=CVE-2016-1937
The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. El diálogo del manejador de protocolo en Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de un sitio web manipulado que desencadena una acción de clic simple en una situación en la que se pretendía una acción de doble clic. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-06.html http://www.securityfocus.com/bid/81957 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=724353 https://security.gentoo.org/glsa/201605-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 3%CPEs: 4EXPL: 0CVE-2016-1933
https://notcve.org/view.php?id=CVE-2016-1933
Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image. Desbordamiento de entero en la funcionalidad image-deinterlacing en Mozilla Firefox en versiones anteriores a 44.0 permite a atacantes remotos causar una denegación de servicio (consumo de memoria o caída de aplicación) a través de una imagen GIF manipulada. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-02.html http://www.securityfocus.com/bid/81956 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1231761 https://security.gentoo.org/glsa/201605-06 • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1939
https://notcve.org/view.php?id=CVE-2016-1939
Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208. Mozilla Firefox en versiones anteriores a 44.0 almacena cookies con nombres que contienen caracteres de tabulación verticales, lo que permite a atacantes remotos obtener información sensible mediante la lectura de cabeceras HTTP Cookie. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-7208. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-04.html http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1233784 https://security.gentoo.org/glsa/201605-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 4%CPEs: 4EXPL: 0CVE-2016-1946
https://notcve.org/view.php?id=CVE-2016-1946
The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata. La función MoofParser::Metadata en binding/MoofParser.cpp en libstagefright en Mozilla Firefox en versiones anteriores a 44.0 no limita el tamaño de las operaciones de lectura, lo que podría permitir a atacantes remotos causar una denegación de servicio (desbordamiento de entero y desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de metadatos manipulados. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-10.html http://www.securityfocus.com/bid/81950 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1232069 https://hg.mozilla.org/mozilla-central/rev/2a57c0a0cf19 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •