CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-5183 – Mozilla: Backport critical security fixes in Skia
https://notcve.org/view.php?id=CVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. Los desarrolladores de Mozilla aplicaron los cambios seleccionados en la biblioteca Skia. Estos cambios corrigen los problemas de corrupción de memoria, incluyendo las lecturas y escrituras de búfer no válidas durante las operaciones gráficas. • http://www.securityfocus.com/bid/104138 http://www.securitytracker.com/id/1040898 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1454692 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7825
https://notcve.org/view.php?id=CVE-2017-7825
Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. • http://www.securityfocus.com/bid/101059 http://www.securitytracker.com/id/1039465 https://bugzilla.mozilla.org/show_bug.cgi?id=1390980 https://bugzilla.mozilla.org/show_bug.cgi?id=1393624 https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html https://security.gentoo.org/glsa/201803-14 https://www.mozilla.org/security/advisories/mfsa2017-21 https://www.mozilla.org/security/advisories/mfsa2017-22 https://www.mozilla.org/security/advisories/mfsa2017-23 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 35%CPEs: 22EXPL: 1CVE-2018-5146 – Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. Una escritura de memoria fuera de límites mientras se procesaban los datos de audio de Vorbis fue reportada a través de la competición Pwn2Own. Esta vulnerabilidad afecta a las versiones anteriores a la 59.0.1 de Firefox, las versiones anteriores a la 52.7.2 de Firefox ESR y las versiones anteriores a la 52.7 de Thunderbird. An out of bounds write flaw was found in the processing of vorbis audio data. • https://github.com/f01965/CVE-2018-5146 http://www.securityfocus.com/bid/103432 http://www.securitytracker.com/id/1040544 https://access.redhat.com/errata/RHSA-2018:0549 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://access.redhat.com/errata/RHSA-2018:0649 https://access.redhat.com/errata/RHSA-2018:1058 https://bugzilla.mozilla.org/show_bug.cgi?id=1446062 https://lists.debian.org/debian-lts-announce/2018/03/msg • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5144 – Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5144
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. Se puede producir un desbordamiento de enteros durante la conversión de texto a algunos conjuntos de caracteres Unicode debido a un parámetro de longitud no verificado. Esta vulnerabilidad afecta a las versiones anteriores a la 52.7 de Firefox ESR y las versiones anteriores a la 52.7 de Thunderbird. • http://www.securityfocus.com/bid/103384 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://bugzilla.mozilla.org/show_bug.cgi?id=1440926 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https://securi • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5145 – Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5145
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. Se han informado de errores de seguridad de memoria en Firefox ESR 52.6. Estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/103384 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •