CVE-2017-5462
https://notcve.org/view.php?id=CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Error en la generación de números DRBG en la biblioteca Network Security Services (NSS) cuando el V de estado interno no transporta bits correctamente. La biblioteca NSS ha sido actualizada para solucionar este problema y Firefox ESR 52.1 ha sido actualizado con la versión 3.28.4 de NSS. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://bugzilla.mozilla.org/show_bug.cgi?id=1345089 https://security.gentoo.org/glsa/201705-04 https://www.debian.org/security/2017/dsa-3831 https://www.debian.org/security/2017/dsa-3872 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories/mfsa2017-12 https://www.mozilla.org/security/advisories • CWE-682: Incorrect Calculation •
CVE-2017-5440 – Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5440
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada durante el procesamiento XSLT debido al error para propagar condiciones de error durante el proceso de búsqueda de coincidencias mientras se evalúa el contexto, lo que conduce a que se empleen objetos cuando ya no existen. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1336832 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •
CVE-2017-5435 – Mozilla: Use-after-free during transaction processing in the editor (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5435
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Ocurre una vulnerabilidad de uso de memoria previamente liberada durante el procesamiento de transacciones en el editor durante las interacciones del modo de diseño. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1350683 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •
CVE-2017-5446 – Mozilla: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5446
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Lectura fuera de límites cuando una conexión HTTP/2 a un servidor envía frames "DATA" con contenido data erróneo. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1343505 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories • CWE-125: Out-of-bounds Read •
CVE-2017-5432 – Mozilla: Use-after-free in text input selection (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5432
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Ocurre una vulnerabilidad de uso de memoria previamente liberada durante determinadas selecciones de entrada de texto que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 45.9, Firefox en versiones anteriores a la 52.1 y Firefox en versiones anteriores a la 53. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1346654 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •