CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2018-12397 – Mozilla: WebExtension local file permission check bypass
https://notcve.org/view.php?id=CVE-2018-12397
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. WebExtensions pueden solicitar el acceso a archivos locales sin que salte un aviso de advertencia en el que consta que la extensión accederá a sus datos para todo sitio web, mostrándose así al usuario. Esto permite que las extensiones ejecuten scripts de contenido en páginas locales sin advertencias de permisos al abrir un archivo local. • http://www.securityfocus.com/bid/105718 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://bugzilla.mozilla.org/show_bug.cgi?id=1487478 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://security.gentoo.org/glsa/201811-04 https://usn.ubuntu.com/3801-1 https://www.debian.org/security/2018/dsa-4324 https://www.mozilla.org/security/advisories/mfsa2018-26&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2018-12395 – Mozilla: WebExtension bypass of domain restrictions through header rewriting
https://notcve.org/view.php?id=CVE-2018-12395
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Al reescribir las cabeceras "Host: request" que utilizan la API webRequest, WebExtensions pueden omitir las restricciones de dominio mediante la fronting del dominio. Esto permitiría el acceso a dominios, cuyo acceso es normalmente restringido, que comparten un host. • http://www.securityfocus.com/bid/105718 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://bugzilla.mozilla.org/show_bug.cgi?id=1467523 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://security.gentoo.org/glsa/201811-04 https://usn.ubuntu.com/3801-1 https://www.debian.org/security/2018/dsa-4324 https://www.mozilla.org/security/advisories/mfsa2018-26&# • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-12381
https://notcve.org/view.php?id=CVE-2018-12381
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62. Arrastrar y soltar manualmente un mensaje de email de Outlook en el navegador desencadenará una navegación de página cuando las columnas de email del mensaje se interpretan de forma incorrecta como URL. • http://www.securityfocus.com/bid/105280 http://www.securitytracker.com/id/1041610 https://bugzilla.mozilla.org/show_bug.cgi?id=1435319 https://security.gentoo.org/glsa/201810-01 https://www.mozilla.org/security/advisories/mfsa2018-20 https://www.mozilla.org/security/advisories/mfsa2018-21 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.8EPSS: 3%CPEs: 16EXPL: 1CVE-2018-12386 – Mozilla: type confusion in JavaScript
https://notcve.org/view.php?id=CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Una vulnerabilidad en la asignación de registros en JavaScript puede conducir a una confusión de tipos que permite la lectura y escritura arbitrarias. Esto conduce a la ejecución remota de código en el proceso de contenido en sandbox cuando se desencadena. • http://www.securityfocus.com/bid/105460 http://www.securitytracker.com/id/1041770 https://access.redhat.com/errata/RHSA-2018:2881 https://access.redhat.com/errata/RHSA-2018:2884 https://bugzilla.mozilla.org/show_bug.cgi?id=1493900 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3778-1 https://www.debian.org/security/2018/dsa-4310 https://www.mozilla.org/security/advisories/mfsa2018-24 https://access.redhat.com/security/cve/CVE-2018-12386 https:/&#x • CWE-704: Incorrect Type Conversion or Cast CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 37%CPEs: 16EXPL: 1CVE-2018-12387 – Mozilla: stack out-of-bounds read in Array.prototype.push
https://notcve.org/view.php?id=CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Vulnerabilidad por la cual el compilador JIT de JavaScript inserta Array.prototype.push con múltiples argumentos que resultan en que el puntero de la pila está fuera de su sitio por 8 bytes tras un bailout. Esto filtra una dirección de memoria a la función llamante que puede emplearse como parte de un exploit dentro del proceso de contenido en sandbox. • http://www.securityfocus.com/bid/105460 http://www.securitytracker.com/id/1041770 https://access.redhat.com/errata/RHSA-2018:2881 https://access.redhat.com/errata/RHSA-2018:2884 https://bugzilla.mozilla.org/show_bug.cgi?id=1493903 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3778-1 https://www.debian.org/security/2018/dsa-4310 https://www.mozilla.org/security/advisories/mfsa2018-24 https://access.redhat.com/security/cve/CVE-2018-12387 https:/&#x • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •