Page 106 of 1065 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 1

CVE-2017-7803 – Mozilla: CSP directives improperly applied with sandbox flag in iframes (MFSA 2017-19)

https://notcve.org/view.php?id=CVE-2017-7803

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Cuando la cabecera CSP (Content Security Policy) de una página contiene una directiva "sandbox", se ignoran otras directivas. Esto resulta en el cumplimiento incorrecto de CSP. • http://www.securityfocus.com/bid/100234 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1377426 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1

CVE-2017-7800 – Mozilla: Use-after-free in WebSockets during disconnection (MFSA 2017-19)

https://notcve.org/view.php?id=CVE-2017-7800

A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada en WebSockets cuando el objeto que mantiene la conexión se libera antes de que concluya la operación de desconexión. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/100196 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1374047 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1

CVE-2017-7802 – Mozilla: Use-after-free resizing image elements (MFSA 2017-19)

https://notcve.org/view.php?id=CVE-2017-7802

A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipula el DOM durante el evento de redimensionamiento de un elemento "image". Si estos elementos se han liberado por la flta de referencias robustas, podría ocurrir un cierre inesperado potencialmente explotable cuando se acceden a los elementos liberados. • http://www.securityfocus.com/bid/100202 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1378147 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-7778 – Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7778

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Hay una serie de vulnerabilidades de seguridad en la biblioteca Graphite 2, incluyendo lecturas fuera de límites, lecturas y escrituras por desbordamiento de búfer y el uso de memoria no inicializada. Estos problemas fueron abordados en la versión 1.3.10 de Graphite 2. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://access.redhat.com/errata/RHSA-2017:1793 https://bugzilla.mozilla.org/show_bug.cgi?id=1349310 https://bugzilla.mozilla.org/show_bug.cgi?id=1350047 https://bugzilla.mozilla.org/show_bug.cgi?id=1352745 https://bugzilla.mozilla.org/show_bug.cgi?id=1352747 https://bugzilla.mozilla.org/show_bug • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-5472 – Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en el frameloader durante la reconstrucción de árboles cuando se regenera el diseño CSS al intentar emplear un nodo en el árbol que ya no existe. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99040 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1365602 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •