CVE-2017-5434 – Mozilla: Use-after-free during focus handling (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5434
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Ocurre una vulnerabilidad de uso de memoria previamente liberada al redireccionar la gestión de focus que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 45.9, Firefox en versiones anteriores a la 52.1 y Firefox en versiones anteriores a la 53. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1349946 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •
CVE-2017-5436 – Mozilla: Out-of-bounds write with malicious font in Graphite 2 (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5436
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Se desencadena una escritura fuera de límites en la biblioteca Graphite 2 con una fuente Graphite maliciosamente manipulada. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1345461 https://security.gentoo.org/glsa/201706-25 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 • CWE-787: Out-of-bounds Write •
CVE-2017-5433 – Mozilla: Use-after-free in SMIL animation functions (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5433
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Ocurre una vulnerabilidad de uso de memoria previamente liberada en las funciones de animación SMIL cuando los punteros a elementos animation en un array se separan del controlador de animación mientras siguen en uso. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1347168 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •
CVE-2017-5465 – Mozilla Firefox < 53 - 'ConvolvePixel' Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-5465
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Lectura fuera de límites al procesar contenido SVG en "ConvolvePixel". Esto resulta en un cierre inesperado y también permite que memoria normalmente inaccesible se copie en contenido gráfico SVG, que podría mostrarse después. • https://www.exploit-db.com/exploits/42072 http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1347617 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11& • CWE-125: Out-of-bounds Read •
CVE-2017-5443 – Mozilla: Out-of-bounds write during BinHex decoding (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5443
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de escritura fuera de límites al descodificar archivos de formato BinHex creados incorrectamente. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 45.9, Firefox en versiones anteriores a la 52.1 y Firefox en versiones anteriores a la 53. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1342661 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories • CWE-787: Out-of-bounds Write •