CVSS: 9.1EPSS: 17%CPEs: 18EXPL: 3CVE-2017-5465 – Mozilla Firefox < 53 - 'ConvolvePixel' Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-5465
20 Apr 2017 — An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Lectura fuera de límites al procesar contenido SVG en "ConvolvePixel". Esto resulta en un cierre inesperado y también permite que memoria normalmente inaccesible se copie en contenido gráfico SVG... • https://packetstorm.news/files/id/142670 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 5%CPEs: 18EXPL: 0CVE-2017-5469 – Mozilla: Potential Buffer overflow in flex-generated code (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5469
20 Apr 2017 — Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Se han solucionado potenciales desbordamientos de búfer en el código Firefox generado debido a un problema CVE-2016-6354 en Flex. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 45.9, Firefox en versiones anteriores a la 52.1 y Firefox en versio... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-5409 – SUSE Security Advisory - SUSE-SU-2017:0732-1
https://notcve.org/view.php?id=CVE-2017-5409
17 Mar 2017 — The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52. El actualizador Mozilla para Windows puede ser llamado por un usuario sin privilegios para eliminar un archivo... • http://www.securityfocus.com/bid/96696 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 3%CPEs: 11EXPL: 1CVE-2017-5428 – Mozilla Firefox createImageBitmap Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5428
17 Mar 2017 — An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1. Se ha informado acerca de un desbordamiento de enteros en "createImageBitmap()" a través del concurso Pwn2Own. • http://rhn.redhat.com/errata/RHSA-2017-0558.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2016-10196 – libevent: Stack-buffer overflow in evutil_parse_sockaddr_port()
https://notcve.org/view.php?id=CVE-2016-10196
13 Mar 2017 — Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. Desbordamiento de búfer en la función evutil_parse_sockaddr_port en evutil.c en libevent en versiones anteriores a 2.1.6-beta permite a atacantes provocar una denegación de servicio (fallo de segmentación) a través de vectores que implican una cadena lar... • http://www.debian.org/security/2017/dsa-3789 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 2%CPEs: 20EXPL: 0CVE-2017-5398 – Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5398
08 Mar 2017 — Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Se han reportado errores de seguridad de memoria en Thunderbird 45.7. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de ... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2017-5399 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5399
08 Mar 2017 — Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52. Se han reportado errores de seguridad de memoria en Firefox 51. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitra... • http://www.securityfocus.com/bid/96692 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5400 – Mozilla: asm.js JIT-spray bypass of ASLR and DEP (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5400
08 Mar 2017 — JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Un spray JIT que apunta a asm.js combinado con un heap spray permite la omisión de las protecciones ASLR y DEP, lo que conduce a ataques de corrupción de memoria. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52, Firefox ESR en versiones ant... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 21EXPL: 1CVE-2017-5401 – Mozilla: Memory Corruption when handling ErrorResult (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5401
08 Mar 2017 — A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Un cierre inesperado desencadenable mediante contenido web en el que un "ErrorResult" referencia memoria no asignada debido a un error de lógica. El cierre inesperado resultante podría ser explotado. • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-388: 7PK - Errors •
CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 0CVE-2017-5402 – Mozilla: Use-after-free working with events in FontFace objects (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5402
08 Mar 2017 — A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Puede ocurrir un uso de memoria previamente liberada cuando se lanzan eventos para un objeto "FontFace" una vez el objeto ha sido ya destruido mientras se trabaja con fuentes. Esto resulta en un cierre inesperado... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-416: Use After Free •