CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2018-5121
https://notcve.org/view.php?id=CVE-2018-5121
11 Jun 2018 — Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58. • http://www.securityfocus.com/bid/102786 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2018-5138
https://notcve.org/view.php?id=CVE-2018-5138
11 Jun 2018 — A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59. • http://www.securityfocus.com/bid/103386 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2017-5392
https://notcve.org/view.php?id=CVE-2017-5392
11 Jun 2018 — Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Los objetos proxy débiles tienen referencias débiles en múltiples hilos cuando solo deberían tenerlas en uno, lo que resulta en un uso incorrecto y una corrupción de la memoria, ... • http://www.securityfocus.com/bid/95763 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5394
https://notcve.org/view.php?id=CVE-2017-5394
11 Jun 2018 — A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Ataque de suplantación de barra de direcciones donde la barra de direcciones de la página cargada se mostrará sobre el contenido de otra pestaña debido a la combinación de una serie de eventos Ja... • http://www.securityfocus.com/bid/95763 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5395
https://notcve.org/view.php?id=CVE-2017-5395
11 Jun 2018 — Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Los sitios maliciosos pueden mostrar una barra de direcciones suplantada en una página subsecuentemente cargada cuando la barra de direcciones existente en la nueva página s... • http://www.securityfocus.com/bid/95763 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5397
https://notcve.org/view.php?id=CVE-2017-5397
11 Jun 2018 — The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3. El directorio cache en el sistema de archivos local está establecido para que tenga permisos de escritura global. • http://www.securityfocus.com/bid/96144 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-5409
https://notcve.org/view.php?id=CVE-2017-5409
11 Jun 2018 — The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52. El actualizador Mozilla para Windows puede ser llamado por un usuario sin privilegios para eliminar un archivo... • http://www.securityfocus.com/bid/96696 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 1CVE-2017-5411
https://notcve.org/view.php?id=CVE-2017-5411
11 Jun 2018 — A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. • http://www.securityfocus.com/bid/96692 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2017-5425
https://notcve.org/view.php?id=CVE-2017-5425
11 Jun 2018 — The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. • http://www.securityfocus.com/bid/96692 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2017-5450
https://notcve.org/view.php?id=CVE-2017-5450
11 Jun 2018 — A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53. Mecanismo para suplantar la barra de direcciones en Firefox para Android mediante un URI "javascript:". En Firefox para Android, el dominio base se analiza incorrectamente, lo que hace que sea menos visible q... • http://www.securityfocus.com/bid/97940 • CWE-20: Improper Input Validation •