CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5187
https://notcve.org/view.php?id=CVE-2018-5187
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60 y Firefox ESR 60. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/104556 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1461324%2C1414829%2C1395246%2C1467938%2C1461619%2C1425930%2C1438556%2C1454285%2C1459568%2C1463884 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3705-1 https://www.debian.org/security/2018/dsa-4295 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-12369
https://notcve.org/view.php?id=CVE-2018-12369
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61. Las WebExtensions incluidas con los experimentos embebidos no se comprobaron correctamente en busca de una autorización adecuada. Esto permitía que una WebExtension maliciosa obtenga los permisos totales del navegador. • http://www.securityfocus.com/bid/104561 http://www.securitytracker.com/id/1041193 https://bugzilla.mozilla.org/show_bug.cgi?id=1454909 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3705-1 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org/security/advisories/mfsa2018-16 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-12361
https://notcve.org/view.php?id=CVE-2018-12361
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Puede ocurrir un desbordamiento de enteros en el código SwizzleData al calcular tamaños de búfer. El valor desbordado se emplea para posteriores cálculos de gráficos cuando sus entradas no se sanean, lo que resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/104558 http://www.securitytracker.com/id/1041193 https://bugzilla.mozilla.org/show_bug.cgi?id=1463244 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3705-1 https://www.debian.org/security/2018/dsa-4295 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org/security/advisories/mfsa2018-16&# • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2018-5186
https://notcve.org/view.php?id=CVE-2018-5186
Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61. Hay errores de seguridad de memoria en Firefox 60. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/104557 http://www.securitytracker.com/id/1041193 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1464872%2C1463329%2C1419373%2C1412882%2C1413033%2C1444673%2C1454448%2C1453505%2C1438671 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3705-1 https://www.mozilla.org/security/advisories/mfsa2018-15 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-12370
https://notcve.org/view.php?id=CVE-2018-12370
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61. En Reader View, las protecciones de la cookie SameSite no se comprueban al salir. Esto permite que se desencadene una carga útil cuando se sale de Reader View si se carga desde un sitio malicioso cuando el modo Reader está activo, omitiendo las protecciones CSRF. • http://www.securitytracker.com/id/1041193 https://bugzilla.mozilla.org/show_bug.cgi?id=1456652 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3705-1 https://www.mozilla.org/security/advisories/mfsa2018-15 • CWE-352: Cross-Site Request Forgery (CSRF) •