CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5089 – Mozilla: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5089
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Se han informado de errores de seguridad de memoria en Firefox 57 y Firefox ESR 52.5. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/102783 http://www.securitytracker.com/id/1040270 https://access.redhat.com/errata/RHSA-2018:0122 https://access.redhat.com/errata/RHSA-2018:0262 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612 https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html https://lists.debian.org/debian-lts&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5095 – Mozilla: Integer overflow in Skia library during edge builder allocation (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5095
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Una vulnerabilidad de desbordamiento de enteros en la librería Skia cuando se asigna memoria para los "edge builders" en determinados sistemas con al menos 8 GB de RAM. Esto resulta en el uso de memoria no inicializada, resultando en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/102783 http://www.securitytracker.com/id/1040270 https://access.redhat.com/errata/RHSA-2018:0122 https://access.redhat.com/errata/RHSA-2018:0262 https://bugzilla.mozilla.org/show_bug.cgi?id=1418447 https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html https://usn.ubuntu.com/3544-1 https://www.debian.org/security/2018/dsa-4096 https://www.debian.org/securi • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5102 – Mozilla: Use-after-free in HTML media elements (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5102
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipulan elementos HTML media con media streams, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Thunderbird, las versiones anteriores a la 52.6 de Firefox ESR y las versiones anteriores a la 58 de Firefox. • http://www.securityfocus.com/bid/102783 http://www.securitytracker.com/id/1040270 https://access.redhat.com/errata/RHSA-2018:0122 https://access.redhat.com/errata/RHSA-2018:0262 https://bugzilla.mozilla.org/show_bug.cgi?id=1419363 https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html https://usn.ubuntu.com/3544-1 https://www.debian.org/security/2018/dsa-4096 https://www.debian.org/securi • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5097 – Mozilla: Use-after-free when source document is manipulated during XSLT (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5097
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante las transformaciones XSL cuando el documento de origen para la transformación se manipula con scripts durante la transformación. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102783 http://www.securitytracker.com/id/1040270 https://access.redhat.com/errata/RHSA-2018:0122 https://access.redhat.com/errata/RHSA-2018:0262 https://bugzilla.mozilla.org/show_bug.cgi?id=1387427 https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html https://usn.ubuntu.com/3544-1 https://www.debian.org/security/2018/dsa-4096 https://www.debian.org/securi • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2017-7848 – Mozilla: RSS Feed vulnerable to new line Injection
https://notcve.org/view.php?id=CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. Los campos RSS pueden inyectar nuevas líneas en la estructura del correo electrónico creado, modificando el cuerpo del mensaje. La vulnerabilidad afecta a las versiones anteriores a la 52.5.2 de Thunderbird. • http://www.securityfocus.com/bid/102258 http://www.securitytracker.com/id/1040123 https://access.redhat.com/errata/RHSA-2018:0061 https://bugzilla.mozilla.org/show_bug.cgi?id=1411699 https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html https://www.debian.org/security/2017/dsa-4075 https://www.mozilla.org/security/advisories/mfsa2017-30 https://access.redhat.com/security/cve/CVE-2017-7848 https://bugzilla.redhat.com/show_bug.cgi?id=1530192 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •