CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7770
https://notcve.org/view.php?id=CVE-2017-7770
11 Jun 2018 — A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 54. • http://www.securityfocus.com/bid/99049 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5295
https://notcve.org/view.php?id=CVE-2016-5295
11 Jun 2018 — This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50. Esta vulnerabilidad permite que un atacante emplee Mozilla Maintenance Service para escalar privilegios haciendo que Maintenance Service invoqu... • http://www.securityfocus.com/bid/94337 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7765
https://notcve.org/view.php?id=CVE-2017-7765
11 Jun 2018 — The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. • http://www.securityfocus.com/bid/99057 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5452
https://notcve.org/view.php?id=CVE-2017-5452
11 Jun 2018 — Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. Los sitios maliciosos pueden mostrar una barra de direcciones suplantada en una página cuando la barra de direcciones existente en la nueva página se deja de ver al desplazarse si un elemento HTML... • http://www.securityfocus.com/bid/97940 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2017-5392
https://notcve.org/view.php?id=CVE-2017-5392
11 Jun 2018 — Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Los objetos proxy débiles tienen referencias débiles en múltiples hilos cuando solo deberían tenerlas en uno, lo que resulta en un uso incorrecto y una corrupción de la memoria, ... • http://www.securityfocus.com/bid/95763 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2017-7760
https://notcve.org/view.php?id=CVE-2017-7760
11 Jun 2018 — The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects... • http://www.securityfocus.com/bid/99057 • CWE-417: Communication Channel Errors •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5395
https://notcve.org/view.php?id=CVE-2017-5395
11 Jun 2018 — Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Los sitios maliciosos pueden mostrar una barra de direcciones suplantada en una página subsecuentemente cargada cuando la barra de direcciones existente en la nueva página s... • http://www.securityfocus.com/bid/95763 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7804
https://notcve.org/view.php?id=CVE-2017-7804
11 Jun 2018 — The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. • http://www.securityfocus.com/bid/100234 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 1CVE-2017-5411
https://notcve.org/view.php?id=CVE-2017-5411
11 Jun 2018 — A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. • http://www.securityfocus.com/bid/96692 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5463
https://notcve.org/view.php?id=CVE-2017-5463
11 Jun 2018 — Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. • http://www.securityfocus.com/bid/97940 • CWE-20: Improper Input Validation •