CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2017-7779 – Mozilla: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7779
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Se han reportado errores de seguridad de memoria en Firefox 54, Firefox ESR 52.2, y Thunderbird 52.2. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/100201 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.deb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 1CVE-2017-7787 – Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7787
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Las protecciones de política del mismo origen se pueden omitir en páginas con iframes embebidos durante la recarga de páginas, lo que permite que los iframes accedan a contenido en la página de nivel más alto, lo que conduce a una divulgación de información. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.3, Firefox ESR en versiones anteriores a la 52.3 y Firefox en versiones anteriores a la 55. • http://www.securityfocus.com/bid/100234 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1322896 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 1CVE-2017-7792 – Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7792
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurrirá un desbordamiento de búfer al ver un certificado en el gestor de certificados si el certificado tiene un OID (Object Identifier) o identificador de objeto demasiado largo. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1368652 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7753 – Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7753
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurre una lectura fuera de límites al aplicar reglas de estilo a pseudo-elementos, como ::first-line, mediante el uso de datos de estilo en caché. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.3, Firefox ESR en versiones anteriores a la 52.3 y Firefox en versiones anteriores a la 55. • http://www.securityfocus.com/bid/100315 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1353312 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 1CVE-2017-7786 – Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7786
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir un desbordamiento de búfer cuando el renderizador de imagen intenta pintar elementos SVG no mostrables. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1365189 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •