CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-5137 – Ubuntu Security Notice USN-3596-2
https://notcve.org/view.php?id=CVE-2018-5137
14 Mar 2018 — A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59. Los recursos definidos y no accesibles de una extensión legacy pueden ser cargados por una página web arbitraria a través de un script. • http://www.securityfocus.com/bid/103386 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5140 – Ubuntu Security Notice USN-3596-2
https://notcve.org/view.php?id=CVE-2018-5140
14 Mar 2018 — Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59. Se puede acceder a la imagen de los moz-icons a través del protocolo "moz-icon:" mediante un script en el contenido de la web, incluso cuando esté prohibido. Esto podría permitir la fuga de información de qué aplicac... • http://www.securityfocus.com/bid/103386 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 1%CPEs: 4EXPL: 0CVE-2018-5141 – Ubuntu Security Notice USN-3596-2
https://notcve.org/view.php?id=CVE-2018-5141
14 Mar 2018 — A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59. Una vulnerabilidad en la API de notificaciones push en donde las notificaciones pueden ser enviadas a través de los service workers por contenido web sin la interacción directa del usuario... • http://www.securityfocus.com/bid/103386 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 4EXPL: 0CVE-2018-5142 – Ubuntu Security Notice USN-3596-2
https://notcve.org/view.php?id=CVE-2018-5142
14 Mar 2018 — If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59. Si se solicita permiso de la API Media Capture and Streams desde documentos con URL "data:" o "blob:", las notificaciones de permiso no muestran correctament... • http://www.securityfocus.com/bid/103386 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5143 – Ubuntu Security Notice USN-3596-2
https://notcve.org/view.php?id=CVE-2018-5143
14 Mar 2018 — URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59. Las URL que utilizan "javascript:" eliminan el protocolo cuando se pega en la barra de direcciones para proteger a los usua... • http://www.securityfocus.com/bid/103386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-7844 – Gentoo Linux Security Advisory 201802-03
https://notcve.org/view.php?id=CVE-2017-7844
20 Feb 2018 — A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. • http://www.securityfocus.com/bid/102039 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5124 – Ubuntu Security Notice USN-3552-1
https://notcve.org/view.php?id=CVE-2018-5124
31 Jan 2018 — Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. Una salida no saneada en la interfaz de usuario en el navegador deja etiquetas HTML que pueden conllevar en una ejecución de código en Firefox versiones anteriores a 58.0.1. Johann Hofmann discovered that HTML fragments created for chrome-privileged documents were not properly sanitized. An attacker could exploit this to execute arbitrary code. • https://www.mozilla.org/en-US/security/advisories/mfsa2018-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 38%CPEs: 4EXPL: 0CVE-2018-5100 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5100
25 Jan 2018 — A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando los argumentos pasados a la función "IsPotentiallyScrollable" se liberan cuando todavía hay scripts que los están utilizando. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102786 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2018-5101 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5101
25 Jan 2018 — A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipulan elementos de estilo "first-letter" flotantes, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 58 de Firefox. Multiple security issues were discovered in Firefox.... • http://www.securityfocus.com/bid/102786 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5105 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5105
25 Jan 2018 — WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58. WebExtensions puede omitir los mensajes de diálogo del usuario para primero guardar y luego abrir un archivo descargado arbitrariamente. Esto puede resultar en la ejecución de un archivo ejecutable con privilegios de usuario locales sin el consentimiento explícito del ... • http://www.securityfocus.com/bid/102786 •