CVE-2016-2833
https://notcve.org/view.php?id=CVE-2016-2833
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet. Mozilla Firefox en versiones anteriores a 47.0 ignora directivas Content Security Policy (CSP) para subprogramas de dominios cruzados Java, lo que facilita a atacantes remotos llevar a cabo ataques XSS a través de un subprograma manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.mozilla.org/security/announce/2016/mfsa2016-60.html http://www.securitytracker.com/id/1036057 http://www.ubuntu.com/usn/USN-2993-1 https://bugzilla.mozilla.org/show_bug.cgi?id=908933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-254: 7PK - Security Features •
CVE-2016-2825
https://notcve.org/view.php?id=CVE-2016-2825
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. Mozilla Firefox en versiones anteriores a 47.0 permite a atacantes remotos eludir la Same Origin Policy y modificar la propiedad location.host a través de un dato no válido: URL. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.mozilla.org/security/announce/2016/mfsa2016-54.html http://www.securitytracker.com/id/1036057 http://www.ubuntu.com/usn/USN-2993-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1193093 • CWE-284: Improper Access Control •
CVE-2016-2815
https://notcve.org/view.php?id=CVE-2016-2815
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 47.0 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html http://www.mozilla.org/security/announce/2016/mfsa2016-49. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-2831 – Mozilla: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58)
https://notcve.org/view.php?id=CVE-2016-2831
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 no asegura que el usuario apruebe los ajustes de pantalla completa y pointerlock, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción de UI), o llevar a cabo ataques de clickjacking o de suplantación, a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.debian.org/security/2016/dsa-3600 http://www.mozilla.org/security/announce/2016/mfsa2016-58.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91075 http://www.securitytracker.com/id/1036057 http • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVE-2016-2819 – Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-2819
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element. Desbordamiento de buffer basado en memoria dinámica en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos ejecutar código arbitrario a través de fragmentos HTML5 de contexto extranjero, tal como se demuestra mediante fragmentos dentro de un elemento SVG. • https://www.exploit-db.com/exploits/44293 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.debian.org/security/2016/dsa-3600 http://www.mozilla.org/security/announce/2016/mfsa2016-50.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91075 ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •