CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7845
https://notcve.org/view.php?id=CVE-2017-7845
11 Jun 2018 — A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. • http://www.securityfocus.com/bid/102115 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2016-9061
https://notcve.org/view.php?id=CVE-2016-9061
11 Jun 2018 — A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. Una aplicación Android maliciosa previamente instalada que define permisos específicos a nivel de firma empleados por Firefox puede acceder a claves API destinadas solo a Firefox. • http://www.securityfocus.com/bid/94337 • CWE-275: Permission Issues •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 1CVE-2016-9062
https://notcve.org/view.php?id=CVE-2016-9062
11 Jun 2018 — Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. El modo de navegación privada deja información de metadatos, como las URL, para los sitios visitados en archivos "browser.db" y "browser.db-wal" en el perfil de Firefox tras salir del modo... • http://www.securityfocus.com/bid/94337 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-9065
https://notcve.org/view.php?id=CVE-2016-9065
11 Jun 2018 — The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. La barra de direcciones en firefox para Android puede suplantarse forzando a un usuario a emplear el modo de pantalla completa, bloqueando la salida y creando una barra de direcciones... • http://www.securityfocus.com/bid/94342 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2016-9072
https://notcve.org/view.php?id=CVE-2016-9072
11 Jun 2018 — When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50. Cuando se crea un nuevo perfil de Firefox en instalaciones de 64 bits de Windows, el sandbox para los plugins NPAPI de 64 bits no están habilitados por defecto. Nota: este problema solo afecta a la versión 64 bits de Windows. • http://www.securityfocus.com/bid/94337 • CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2018-5110
https://notcve.org/view.php?id=CVE-2018-5110
11 Jun 2018 — If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58. Si la visibilidad del cursor se cambia con un script usando desde "nada" hasta una imagen y viceversa a través del script, el cursor se vuelve temporalmente invisible en Firefox. • http://www.securityfocus.com/bid/102786 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2018-5121
https://notcve.org/view.php?id=CVE-2018-5121
11 Jun 2018 — Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58. • http://www.securityfocus.com/bid/102786 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2018-5138
https://notcve.org/view.php?id=CVE-2018-5138
11 Jun 2018 — A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59. • http://www.securityfocus.com/bid/103386 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 1CVE-2018-5165
https://notcve.org/view.php?id=CVE-2018-5165
11 Jun 2018 — In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60. En las versiones de 32 bits de Firefox, la configuración del plugin de Adobe Flash para "Act... • http://www.securityfocus.com/bid/104139 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5174
https://notcve.org/view.php?id=CVE-2018-5174
11 Jun 2018 — In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior fr... • http://www.securityfocus.com/bid/104136 •