
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Mar 2018 — WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59. • http://www.securityfocus.com/bid/103386 • CWE-862: Missing Authorization

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Mar 2018 — The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59. • http://www.securityfocus.com/bid/103386 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Feb 2018 — A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. • http://www.securityfocus.com/bid/102039 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jan 2018 — Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. Johann Hofmann discovered that HTML fragments created for chrome-privileged documents were not properly sanitized. An attacker could exploit this to execute arbitrary code. • https://www.mozilla.org/en-US/security/advisories/mfsa2018-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Jan 2018 — A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. Multiple security issues were discovered in Firefox.... • http://www.securityfocus.com/bid/102786 • CWE-416: Use After Free

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Jan 2018 — An audio capture session can be started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58. • http://www.securityfocus.com/bid/102786 • CWE-346: Origin Validation Error

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Jan 2018 — A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58. • http://www.securityfocus.com/bid/102786 • CWE-416: Use After Free

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Jan 2018 — A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58. • http://www.securityfocus.com/bid/102786 • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Jan 2018 — If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58. • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Jan 2018 — The screenshot images shown on the Activity Stream page, which is displayed when a new tab is opened, are created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58. • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor