
CVE-2017-3533 – OpenJDK: newline injection in the FTP client (Networking, 8170222)
https://notcve.org/view.php?id=CVE-2017-3533
21 Apr 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded,... • http://www.debian.org/security/2017/dsa-3858 • CWE-20: Improper Input Validation •

CVE-2017-3539 – OpenJDK: MD5 allowed for jar verification (Security, 8171121)
https://notcve.org/view.php?id=CVE-2017-3539
21 Apr 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, i... • http://www.debian.org/security/2017/dsa-3858 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2017-3544 – OpenJDK: newline injection in the SMTP client (Networking, 8171533)
https://notcve.org/view.php?id=CVE-2017-3544
21 Apr 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded... • http://www.debian.org/security/2017/dsa-3858 • CWE-20: Improper Input Validation •

CVE-2017-5451 – Mozilla: Addressbar spoofing with onblur event (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5451
21 Apr 2017 — A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. • http://www.securityfocus.com/bid/97940 • CWE-20: Improper Input Validation •

CVE-2017-5454 – Mozilla: Sandbox escape allowing file system read access through file picker (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5454
21 Apr 2017 — A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. • http://www.securityfocus.com/bid/97940 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2017-5455 – Mozilla: Sandbox escape through internal feed reader APIs (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5455
21 Apr 2017 — The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. • http://www.securityfocus.com/bid/97940 •

CVE-2017-5456 – Mozilla: Sandbox escape allowing local file system read access (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5456
21 Apr 2017 — A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. • http://www.securityfocus.com/bid/97940 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2017-5466 – Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5466
21 Apr 2017 — If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. • http://www.securityfocus.com/bid/97940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-5432 – Mozilla: Use-after-free in text input selection (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5432
20 Apr 2017 — A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •

CVE-2017-5433 – Mozilla: Use-after-free in SMIL animation functions (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5433
20 Apr 2017 — A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •