CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2018-5130 – Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5130
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. Cuando se envían paquetes con un tipo de carga útil RTP no coincidente en conexiones WebRTC, en algunas circunstancias, se desencadena un fallo potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.7 de Firefox ESR y las versiones anteriores a la 59 de Firefox. • http://www.securityfocus.com/bid/103388 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://bugzilla.mozilla.org/show_bug.cgi?id=1433005 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3596-1 https://www.debian.org/security/2018/dsa-4139 https://www.mozilla.org/security/advisories/mfsa2018-06&# • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5134
https://notcve.org/view.php?id=CVE-2018-5134
WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59. WebExtensions puede usar URL "view-source:" para visualizar contenido de URL"file:" local, así como el contenido almacenado en "about:cache", omitiendo las restricciones que solo permiten a WebExtensions visualizar contenido específico. Esta vulnerabilidad afecta a las versiones anteriores a la 59 de Firefox. • http://www.securityfocus.com/bid/103386 http://www.securitytracker.com/id/1040514 https://bugzilla.mozilla.org/show_bug.cgi?id=1429379 https://usn.ubuntu.com/3596-1 https://www.mozilla.org/security/advisories/mfsa2018-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5126
https://notcve.org/view.php?id=CVE-2018-5126
Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59. Se han informado de errores de seguridad de memoria en Firefox 58. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/103386 http://www.securitytracker.com/id/1040514 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1433671%2C1414768%2C1416523%2C1425691%2C1441006%2C1429768%2C1426002%2C1297740%2C1435566%2C1432855%2C1442318%2C1421963%2C1422631%2C1426603%2C1404297%2C1425257%2C1373934%2C1423173%2C1416940 https://usn.ubuntu.com/3596-1 https://www.mozilla.org/security/advisories/mfsa2018-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5127 – Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5127
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Se puede producir un desbordamiento de búfer cuando se manipula el SVG "animatedPathSegList" mediante un script. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/103388 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://bugzilla.mozilla.org/show_bug.cgi?id=1430557 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5124
https://notcve.org/view.php?id=CVE-2018-5124
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. Una salida no saneada en la interfaz de usuario en el navegador deja etiquetas HTML que pueden conllevar en una ejecución de código en Firefox versiones anteriores a 58.0.1. • https://www.mozilla.org/en-US/security/advisories/mfsa2018-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •