CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5122 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5122
25 Jan 2018 — A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58. Se ha identificado un potencial desbordamiento de enteros en la función "DoCrypt" de WebCrypto. Si se encuentra un medio para explotarlo, podría resultar en una escritura fuera de límites. • http://www.securityfocus.com/bid/102786 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5116 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5116
25 Jan 2018 — WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58. WebExtensions con el permiso "ActiveTab" puede acceder a las tramas alojadas dentro de la pestaña activa incluso si las tramas son de orígenes cruzados. Las ex... • http://www.securityfocus.com/bid/102786 • CWE-346: Origin Validation Error •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5108 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5108
25 Jan 2018 — A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58. Una URL Blob puede violar la segregación del atributo origi... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5113 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5113
25 Jan 2018 — The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58. La función "browser.identity.launchWebAuthFlow" de WebExtensions solo tiene permitido cargar contenido sobre "https:" pero este requisito no se cumplió correctamente. Esto puede permitir que las páginas privilegiadas se carguen mediant... • http://www.securityfocus.com/bid/102786 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5114 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5114
25 Jan 2018 — If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58. Si una cookie existente se cambia a "HttpOnly" mientras un documento está abierto, el valor original permanece accesible a través del script hasta que el documento se cierra. Las peticiones de red utilizan correctamente la cookie modificada con el atr... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5092 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5092
25 Jan 2018 — A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando el hilo para un Web Worker se libera de la memoria prematuramente en vez de la memoria en el hilo principal cuando se cancelan las operaciones fetch. Esta vulnerabilidad afecta a las versiones anteriores a la... • http://www.securityfocus.com/bid/102786 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5109 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5109
25 Jan 2018 — An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58. Se puede iniciar una sesión de captura de audio bajo un origen incorrecto desde el sitio enviando una petición de captura. Se les pedirán a los usuarios que permitan la petición pero... • http://www.securityfocus.com/bid/102786 • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5111 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5111
25 Jan 2018 — When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58. Cuando el texto de una URL especialmente formateada se arrastra a la barra de dirección desde el contenido de la página, la URL mostrada se puede suplantar para mostrar un sitio diferente que el que se ha ... • http://www.securityfocus.com/bid/102786 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5118 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5118
25 Jan 2018 — The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58. Las imágenes de captura de pantalla que se muestran en la página Activity S... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5090 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5090
25 Jan 2018 — Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58. Se han informado de errores de seguridad de memoria en Firefox 57. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/102786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •