CVSS: 9.8EPSS: 4%CPEs: 18EXPL: 1CVE-2017-5439 – Mozilla: Use-after-free in nsTArray Length() during XSLT processing (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5439
20 Apr 2017 — A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada durante el procesamiento XSLT debido a la mala gestión de parámetros de plantilla. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/103053 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 11EXPL: 0CVE-2017-5429 – Mozilla: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5429
20 Apr 2017 — Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Se han reportado errores de seguridad de memoria en Firefox 52, Firefox ESR 45.8, Firefox ESR 52 y Thunderbird 52. Algunos de estos errores mostraron... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-5438 – Mozilla: Use-after-free in nsAutoPtr during XSLT processing (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5438
20 Apr 2017 — A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada durante el procesamiento XSLT debido a que el gestor de resultados es mantenido por un gestor liberado durante la gestión. Esto resulta en un cierre inesperado potencialmente ex... • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 8%CPEs: 18EXPL: 0CVE-2017-5469 – Mozilla: Potential Buffer overflow in flex-generated code (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5469
20 Apr 2017 — Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Se han solucionado potenciales desbordamientos de búfer en el código Firefox generado debido a un problema CVE-2016-6354 en Flex. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 45.9, Firefox en versiones anteriores a la 52.1 y Firefox en versio... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 1CVE-2017-5446 – Mozilla: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5446
20 Apr 2017 — An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Lectura fuera de límites cuando una conexión HTTP/2 a un servidor envía frames "DATA" con contenido data erróneo. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 18EXPL: 1CVE-2017-5445 – Mozilla: Uninitialized values used while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5445
20 Apr 2017 — A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad al analizar contenido de formato "application/http-index-format" en el que se emplean variables no inicializadas para crear un array. Esto podría permitir la lectura de memoria no ... • http://www.securityfocus.com/bid/97940 • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-5440 – Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5440
20 Apr 2017 — A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada durante el procesamiento XSLT debido al error para propagar condiciones de error durante el proceso de b... • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 17EXPL: 0CVE-2017-5464 – Mozilla: Memory corruption with accessibility and DOM manipulation (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5464
20 Apr 2017 — During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Durante la manipulación DOM del árbol de accesibilidad mediante scripts, el árbol DOM puede desincronizarse con el árbol de accesibilidad, lo que conduce a una corrupción de memoria y a un cierre inesperado po... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0CVE-2017-5436 – Mozilla: Out-of-bounds write with malicious font in Graphite 2 (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5436
20 Apr 2017 — An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Se desencadena una escritura fuera de límites en la biblioteca Graphite 2 con una fuente Graphite maliciosamente manipulada. • http://www.securityfocus.com/bid/97940 • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 2%CPEs: 17EXPL: 0CVE-2017-5448 – Mozilla Firefox ClearKeyDecryptor Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5448
20 Apr 2017 — An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Escritura fuera de límites en "ClearKeyDecryptor" mientras se descodifi... • http://www.securityfocus.com/bid/97940 • CWE-787: Out-of-bounds Write •