CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5135 – Ubuntu Security Notice USN-3596-1
https://notcve.org/view.php?id=CVE-2018-5135
14 Mar 2018 — WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59. WebExtensions puede omitir las restricciones normales en algunas circunstancias y utilizar "browser.tabs.executeScript" para inyectar secuencias de comandos en contextos en los que esto no debería permitirse, como páginas de otros... • http://www.securityfocus.com/bid/103386 • CWE-862: Missing Authorization •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5141 – Ubuntu Security Notice USN-3596-2
https://notcve.org/view.php?id=CVE-2018-5141
14 Mar 2018 — A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59. Una vulnerabilidad en la API de notificaciones push en donde las notificaciones pueden ser enviadas a través de los service workers por contenido web sin la interacción directa del usuario... • http://www.securityfocus.com/bid/103386 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2018-5130 – Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5130
14 Mar 2018 — When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. Cuando se envían paquetes con un tipo de carga útil RTP no coincidente en conexiones WebRTC, en algunas circunstancias, se desencadena un fallo potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.7 de Firefox ESR y las versiones anteriores a la 59 de Firefox. USN... • http://www.securityfocus.com/bid/103388 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5134 – Ubuntu Security Notice USN-3596-1
https://notcve.org/view.php?id=CVE-2018-5134
14 Mar 2018 — WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59. WebExtensions puede usar URL "view-source:" para visualizar contenido de URL"file:" local, así como el contenido almacenado en "about:cache", omitiendo las restricciones que solo permiten a WebExtensions visualizar contenido específico. Esta vulnerabilidad afecta a las v... • http://www.securityfocus.com/bid/103386 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5137 – Ubuntu Security Notice USN-3596-2
https://notcve.org/view.php?id=CVE-2018-5137
14 Mar 2018 — A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59. Los recursos definidos y no accesibles de una extensión legacy pueden ser cargados por una página web arbitraria a través de un script. • http://www.securityfocus.com/bid/103386 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7844 – Gentoo Linux Security Advisory 201802-03
https://notcve.org/view.php?id=CVE-2017-7844
20 Feb 2018 — A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. • http://www.securityfocus.com/bid/102039 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5124 – Ubuntu Security Notice USN-3552-1
https://notcve.org/view.php?id=CVE-2018-5124
31 Jan 2018 — Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. Una salida no saneada en la interfaz de usuario en el navegador deja etiquetas HTML que pueden conllevar en una ejecución de código en Firefox versiones anteriores a 58.0.1. Johann Hofmann discovered that HTML fragments created for chrome-privileged documents were not properly sanitized. An attacker could exploit this to execute arbitrary code. • https://www.mozilla.org/en-US/security/advisories/mfsa2018-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5100 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5100
25 Jan 2018 — A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando los argumentos pasados a la función "IsPotentiallyScrollable" se liberan cuando todavía hay scripts que los están utilizando. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102786 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5122 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5122
25 Jan 2018 — A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58. Se ha identificado un potencial desbordamiento de enteros en la función "DoCrypt" de WebCrypto. Si se encuentra un medio para explotarlo, podría resultar en una escritura fuera de límites. • http://www.securityfocus.com/bid/102786 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5116 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5116
25 Jan 2018 — WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58. WebExtensions con el permiso "ActiveTab" puede acceder a las tramas alojadas dentro de la pestaña activa incluso si las tramas son de orígenes cruzados. Las ex... • http://www.securityfocus.com/bid/102786 • CWE-346: Origin Validation Error •