CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5094 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5094
25 Jan 2018 — A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. Podría ocurrir un desbordamiento de búfer basado en memoria dinámica (heap) en WebAssembly cuando se llama a "shrinkElements" seguido de la recolección de basura (garbage collection) en la memoria que ahora está sin inicializar. Esto resulta en un cierre inesp... • http://www.securityfocus.com/bid/102786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5100 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5100
25 Jan 2018 — A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando los argumentos pasados a la función "IsPotentiallyScrollable" se liberan cuando todavía hay scripts que los están utilizando. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102786 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5108 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5108
25 Jan 2018 — A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58. Una URL Blob puede violar la segregación del atributo origi... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5116 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5116
25 Jan 2018 — WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58. WebExtensions con el permiso "ActiveTab" puede acceder a las tramas alojadas dentro de la pestaña activa incluso si las tramas son de orígenes cruzados. Las ex... • http://www.securityfocus.com/bid/102786 • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5111 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5111
25 Jan 2018 — When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58. Cuando el texto de una URL especialmente formateada se arrastra a la barra de dirección desde el contenido de la página, la URL mostrada se puede suplantar para mostrar un sitio diferente que el que se ha ... • http://www.securityfocus.com/bid/102786 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5090 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5090
25 Jan 2018 — Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58. Se han informado de errores de seguridad de memoria en Firefox 57. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/102786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5093 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5093
25 Jan 2018 — A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. Podría ocurrir un desbordamiento de búfer basado en memoria dinámica (heap) en WebAssembly durante el redimensionamiento de Memory/Table, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 58 de Firefox. Multiple security issues were discovered in Firefox. • http://www.securityfocus.com/bid/102786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5119 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5119
25 Jan 2018 — The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58. La vista del lector mostrará el contenido de orígenes cruzados cuando las cabeceras CORS estén configurados para prohibir la carga de contenido de orígenes cruzados por un sitio. Esto podría permitir el acceso a contenidos que deberían ser restringidos en la ... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5107 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5107
25 Jan 2018 — The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58. El proceso de impresión puede omitir protecciones de acceso local para leer archivos disponibles mediante symlinks, omitiendo las restricciones de archivos locales. El proceso d... • http://www.securityfocus.com/bid/102786 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5105 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5105
25 Jan 2018 — WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58. WebExtensions puede omitir los mensajes de diálogo del usuario para primero guardar y luego abrir un archivo descargado arbitrariamente. Esto puede resultar en la ejecución de un archivo ejecutable con privilegios de usuario locales sin el consentimiento explícito del ... • http://www.securityfocus.com/bid/102786 •