CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5174 – openSUSE Security Advisory - openSUSE-SU-2024:14572-1
https://notcve.org/view.php?id=CVE-2018-5174
11 Jun 2018 — In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior fr... • http://www.securityfocus.com/bid/104136 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9072 – openSUSE Security Advisory - openSUSE-SU-2024:14572-1
https://notcve.org/view.php?id=CVE-2016-9072
11 Jun 2018 — When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50. Cuando se crea un nuevo perfil de Firefox en instalaciones de 64 bits de Windows, el sandbox para los plugins NPAPI de 64 bits no están habilitados por defecto. Nota: este problema solo afecta a la versión 64 bits de Windows. • http://www.securityfocus.com/bid/94337 • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7766
https://notcve.org/view.php?id=CVE-2017-7766
11 Jun 2018 — An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. Un ataque que emplea la manipulación del contenido de "updater.ini"... • http://www.securityfocus.com/bid/99057 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7817 – openSUSE Security Advisory - openSUSE-SU-2024:14572-1
https://notcve.org/view.php?id=CVE-2017-7817
11 Jun 2018 — A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56. • http://www.securityfocus.com/bid/101057 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5299 – openSUSE Security Advisory - openSUSE-SU-2024:14572-1
https://notcve.org/view.php?id=CVE-2016-5299
11 Jun 2018 — A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. Una aplicación Android maliciosa previamente instalada con los mismos permisos a nivel de firma que Firefox puede interceptar AuthTokens destinados solo a Firefox. • http://www.securityfocus.com/bid/94337 • CWE-275: Permission Issues •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2018-5110 – openSUSE Security Advisory - openSUSE-SU-2024:14572-1
https://notcve.org/view.php?id=CVE-2018-5110
11 Jun 2018 — If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58. Si la visibilidad del cursor se cambia con un script usando desde "nada" hasta una imagen y viceversa a través del script, el cursor se vuelve temporalmente invisible en Firefox. • http://www.securityfocus.com/bid/102786 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7804 – openSUSE Security Advisory - openSUSE-SU-2024:14572-1
https://notcve.org/view.php?id=CVE-2017-7804
11 Jun 2018 — The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. • http://www.securityfocus.com/bid/100234 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7761
https://notcve.org/view.php?id=CVE-2017-7761
11 Jun 2018 — The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.... • http://www.securityfocus.com/bid/99057 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7782 – openSUSE Security Advisory - openSUSE-SU-2024:14572-1
https://notcve.org/view.php?id=CVE-2017-7782
11 Jun 2018 — An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Error en "WindowsDllDetourPatcher", donde un bloque 4k RWX ("Read/Write/Execute") se asigna, pero nunca se proteje, violando las protecciones DEP. • http://www.securityfocus.com/bid/100243 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5298 – openSUSE Security Advisory - openSUSE-SU-2024:14572-1
https://notcve.org/view.php?id=CVE-2016-5298
11 Jun 2018 — A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. Un mecanismo donde la interrupción de la carga de una nueva página web puede provocar que los indicadores favicon y SSL de la página anterior no se restablezcan. • http://www.securityfocus.com/bid/94337 • CWE-20: Improper Input Validation •