CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5187
https://notcve.org/view.php?id=CVE-2018-5187
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60 y Firefox ESR 60. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/104556 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1461324%2C1414829%2C1395246%2C1467938%2C1461619%2C1425930%2C1438556%2C1454285%2C1459568%2C1463884 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3705-1 https://www.debian.org/security/2018/dsa-4295 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2018-12367
https://notcve.org/view.php?id=CVE-2018-12367
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. En las mitigaciones anteriores para Spectre, la resolución o precisión de varios métodos se redujo para contrarrestar la capacidad de medir intervalos de tiempo precisos. En ese trabajo, no se ajustó PerformanceNavigationTiming, pero se descubrió que podría emplearse como temporizador de precisión. • http://www.securityfocus.com/bid/104561 http://www.securitytracker.com/id/1041193 https://bugzilla.mozilla.org/show_bug.cgi?id=1462891 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3705-1 https://www.debian.org/security/2018/dsa-4295 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org/security/advisories/mfsa2018-16&# • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-12369
https://notcve.org/view.php?id=CVE-2018-12369
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61. Las WebExtensions incluidas con los experimentos embebidos no se comprobaron correctamente en busca de una autorización adecuada. Esto permitía que una WebExtension maliciosa obtenga los permisos totales del navegador. • http://www.securityfocus.com/bid/104561 http://www.securitytracker.com/id/1041193 https://bugzilla.mozilla.org/show_bug.cgi?id=1454909 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3705-1 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org/security/advisories/mfsa2018-16 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-12371
https://notcve.org/view.php?id=CVE-2018-12371
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. Una vulnerabilidad de desbordamiento de enteros en la biblioteca Skia al asignar memoria para constructores de bordes en algunos sistemas con al menos 16 GB de RAM. Esto resulta en el uso de memoria no inicializada, resultando en un bloqueo potencialmente explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1465686 https://www.mozilla.org/security/advisories/mfsa2018-15 https://www.mozilla.org/security/advisories/mfsa2018-16 https://www.mozilla.org/security/advisories/mfsa2018-19 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-5188 – Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9
https://notcve.org/view.php?id=CVE-2018-5188
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60, Firefox ESR 60 y Firefox ESR 52.8. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/104555 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://access.redhat.com/errata/RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2252 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •