CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5435 – Mozilla: Use-after-free during transaction processing in the editor (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5435
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Ocurre una vulnerabilidad de uso de memoria previamente liberada durante el procesamiento de transacciones en el editor durante las interacciones del modo de diseño. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1350683 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories&#x • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5445 – Mozilla: Uninitialized values used while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5445
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad al analizar contenido de formato "application/http-index-format" en el que se emplean variables no inicializadas para crear un array. Esto podría permitir la lectura de memoria no inicializada en los arrays afectados. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1344467 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories&#x • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5439 – Mozilla: Use-after-free in nsTArray Length() during XSLT processing (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5439
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada durante el procesamiento XSLT debido a la mala gestión de parámetros de plantilla. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/103053 http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1336830 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 ht • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5446 – Mozilla: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5446
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Lectura fuera de límites cuando una conexión HTTP/2 a un servidor envía frames "DATA" con contenido data erróneo. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1343505 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories&#x • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 1%CPEs: 18EXPL: 2CVE-2017-5465 – Mozilla Firefox < 53 - 'ConvolvePixel' Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-5465
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Lectura fuera de límites al procesar contenido SVG en "ConvolvePixel". Esto resulta en un cierre inesperado y también permite que memoria normalmente inaccesible se copie en contenido gráfico SVG, que podría mostrarse después. • https://www.exploit-db.com/exploits/42072 http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1104 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1347617 https://www.debian.org/security/2017/dsa-3831 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11& • CWE-125: Out-of-bounds Read •