CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2018-5130 – Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5130
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. Cuando se envían paquetes con un tipo de carga útil RTP no coincidente en conexiones WebRTC, en algunas circunstancias, se desencadena un fallo potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.7 de Firefox ESR y las versiones anteriores a la 59 de Firefox. • http://www.securityfocus.com/bid/103388 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://bugzilla.mozilla.org/show_bug.cgi?id=1433005 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3596-1 https://www.debian.org/security/2018/dsa-4139 https://www.mozilla.org/security/advisories/mfsa2018-06&# • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5135
https://notcve.org/view.php?id=CVE-2018-5135
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59. WebExtensions puede omitir las restricciones normales en algunas circunstancias y utilizar "browser.tabs.executeScript" para inyectar secuencias de comandos en contextos en los que esto no debería permitirse, como páginas de otros WebExtensions o páginas "about:" no privilegiadas. Esta vulnerabilidad afecta a las versiones anteriores a la 59 de Firefox. • http://www.securityfocus.com/bid/103386 http://www.securitytracker.com/id/1040514 https://bugzilla.mozilla.org/show_bug.cgi?id=1431371 https://usn.ubuntu.com/3596-1 https://www.mozilla.org/security/advisories/mfsa2018-06 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5126
https://notcve.org/view.php?id=CVE-2018-5126
Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59. Se han informado de errores de seguridad de memoria en Firefox 58. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/103386 http://www.securitytracker.com/id/1040514 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1433671%2C1414768%2C1416523%2C1425691%2C1441006%2C1429768%2C1426002%2C1297740%2C1435566%2C1432855%2C1442318%2C1421963%2C1422631%2C1426603%2C1404297%2C1425257%2C1373934%2C1423173%2C1416940 https://usn.ubuntu.com/3596-1 https://www.mozilla.org/security/advisories/mfsa2018-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5137
https://notcve.org/view.php?id=CVE-2018-5137
A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59. Los recursos definidos y no accesibles de una extensión legacy pueden ser cargados por una página web arbitraria a través de un script. • http://www.securityfocus.com/bid/103386 http://www.securitytracker.com/id/1040514 https://bugzilla.mozilla.org/show_bug.cgi?id=1432870 https://usn.ubuntu.com/3596-1 https://www.mozilla.org/security/advisories/mfsa2018-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5127 – Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5127
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Se puede producir un desbordamiento de búfer cuando se manipula el SVG "animatedPathSegList" mediante un script. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/103388 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://bugzilla.mozilla.org/show_bug.cgi?id=1430557 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •