CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5106 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5106
25 Jan 2018 — Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58. El tráfico del editor de estilos en las herramientas del desarrollador se puede enrutar mediante un trabajador de servicio alojado en un sitio web externo si un usuario selecciona enlaces de error cuando estas... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 1%CPEs: 4EXPL: 0CVE-2018-5107 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5107
25 Jan 2018 — The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58. El proceso de impresión puede omitir protecciones de acceso local para leer archivos disponibles mediante symlinks, omitiendo las restricciones de archivos locales. El proceso d... • http://www.securityfocus.com/bid/102786 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5108 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5108
25 Jan 2018 — A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58. Una URL Blob puede violar la segregación del atributo origi... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5109 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5109
25 Jan 2018 — An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58. Se puede iniciar una sesión de captura de audio bajo un origen incorrecto desde el sitio enviando una petición de captura. Se les pedirán a los usuarios que permitan la petición pero... • http://www.securityfocus.com/bid/102786 • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-5111 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5111
25 Jan 2018 — When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58. Cuando el texto de una URL especialmente formateada se arrastra a la barra de dirección desde el contenido de la página, la URL mostrada se puede suplantar para mostrar un sitio diferente que el que se ha ... • http://www.securityfocus.com/bid/102786 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-5112 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5112
25 Jan 2018 — Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58. Los paneles de las herramientas de desarrollo de una extensión son necesarios para cargar URL para los paneles como URL relativa... • http://www.securityfocus.com/bid/102786 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-5113 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5113
25 Jan 2018 — The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58. La función "browser.identity.launchWebAuthFlow" de WebExtensions solo tiene permitido cargar contenido sobre "https:" pero este requisito no se cumplió correctamente. Esto puede permitir que las páginas privilegiadas se carguen mediant... • http://www.securityfocus.com/bid/102786 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5114 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5114
25 Jan 2018 — If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58. Si una cookie existente se cambia a "HttpOnly" mientras un documento está abierto, el valor original permanece accesible a través del script hasta que el documento se cierra. Las peticiones de red utilizan correctamente la cookie modificada con el atr... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-5115 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5115
25 Jan 2018 — If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58. Si una petición de autenticación HTTP es activada por una p... • http://www.securityfocus.com/bid/102786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2018-5116 – Ubuntu Security Notice USN-3544-1
https://notcve.org/view.php?id=CVE-2018-5116
25 Jan 2018 — WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58. WebExtensions con el permiso "ActiveTab" puede acceder a las tramas alojadas dentro de la pestaña activa incluso si las tramas son de orígenes cruzados. Las ex... • http://www.securityfocus.com/bid/102786 • CWE-346: Origin Validation Error •