CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5175 – Ubuntu Security Notice USN-3645-2
https://notcve.org/view.php?id=CVE-2018-5175
12 May 2018 — A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. Un mecanismo para omitir las protecciones de la Política de S... • http://www.securityfocus.com/bid/104139 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5153 – Ubuntu Security Notice USN-3645-1
https://notcve.org/view.php?id=CVE-2018-5153
12 May 2018 — If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60. Si se envían datos de sockets web con texto mixto y binario en un solo mensaje, los datos binarios pueden corromperse. Esto puede resultar en una lectura fuera de límites con la memoria de lectura enviada al servidor de origen en respuesta. • http://www.securityfocus.com/bid/104139 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5166 – Ubuntu Security Notice USN-3645-1
https://notcve.org/view.php?id=CVE-2018-5166
12 May 2018 — WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60. WebExtensions puede utilizar la redirección de peticiones y un filtro "filterReponseData" para eludir la configuración de permisos del host para redirigir el tráfico de red y acceder al contenido de un host para el que no tienen permiso explícito de... • http://www.securityfocus.com/bid/104139 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5160 – Ubuntu Security Notice USN-3645-2
https://notcve.org/view.php?id=CVE-2018-5160
12 May 2018 — WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60. WebRTC puede utilizar un búfer de píxeles "WrappedI420Buffer", pero el objeto owning image puede liberarse mientras está en uso. Esto puede provocar que el codificador WebRTC utilice memoria no inicializada, lo que puede provocar un cierre ines... • http://www.securityfocus.com/bid/104139 • CWE-416: Use After Free CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5152 – Ubuntu Security Notice USN-3645-1
https://notcve.org/view.php?id=CVE-2018-5152
12 May 2018 — WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firef... • http://www.securityfocus.com/bid/104139 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5150 – Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
https://notcve.org/view.php?id=CVE-2018-5150
11 May 2018 — Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Se han informado de errores de seguridad de memoria en Firefox 55, Firefox ESR 52.7 y Thunderbird 52.7. Algunos de estos errores mostraron evidencias de corrup... • http://www.securityfocus.com/bid/104136 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 32%CPEs: 21EXPL: 2CVE-2018-5159 – Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2018-5159
11 May 2018 — An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Puede ocurrir un desbordamiento de enteros en la biblioteca Skia debido al uso de números enteros de 32 bits en un array sin verificaciones de desbordamiento d... • https://packetstorm.news/files/id/147843 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5154 – Mozilla: Use-after-free with SVG animations and clip paths
https://notcve.org/view.php?id=CVE-2018-5154
11 May 2018 — A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se enumeran atributos durante las animaciones SVG con las rutas de clips. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/104136 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5155 – Mozilla: Use-after-free with SVG animations and text paths
https://notcve.org/view.php?id=CVE-2018-5155
11 May 2018 — A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se ajusta la disposición durante las animaciones SVG con rutas de texto. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/104136 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2018-5157 – Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files
https://notcve.org/view.php?id=CVE-2018-5157
11 May 2018 — Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. Las protecciones del mismo origen para el visor de PDF pueden omitirse, lo que permite que un sitio malicioso intercepte los mensajes destinados al visor. Esto podría permitir que el sitio recupere... • http://www.securityfocus.com/bid/104136 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •