CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7806
https://notcve.org/view.php?id=CVE-2017-7806
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando el gestor de capas se liberar demasiado pronto cuando se "renderizar" determinados contenidos SVG, resultando en un cierre inesperado explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 55 de Firefox. • http://www.securityfocus.com/bid/100389 http://www.securitytracker.com/id/1039124 https://bugzilla.mozilla.org/show_bug.cgi?id=1378113 https://www.mozilla.org/security/advisories/mfsa2017-18 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7788
https://notcve.org/view.php?id=CVE-2017-7788
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55. cuando un iframe tiene un atributo "sandbox" y su contenido se especifica mediante "srcdoc", dicho contenido no hereda el CSP (Content Security Policy) de la página que lo contiene, tal y como debería, a no ser que el atributo sandbox incluya "allow-same-origin". La vulnerabilidad afecta a Firefox en versiones anteriores a la 55. • http://www.securityfocus.com/bid/100379 http://www.securitytracker.com/id/1039124 https://bugzilla.mozilla.org/show_bug.cgi?id=1073952 https://www.mozilla.org/security/advisories/mfsa2017-18 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7794
https://notcve.org/view.php?id=CVE-2017-7794
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55. En sistemas Linux, si el proceso content se ve comprometido, el broker del sandbox permitirá el truncado de archivos aunque el sandbox solo tenga explícitamente acceso de lectura al sistema de archivos local y no tenga permisos de escritura. • http://www.securitytracker.com/id/1039124 https://bugzilla.mozilla.org/show_bug.cgi?id=1374281 https://www.mozilla.org/security/advisories/mfsa2017-18 • CWE-276: Incorrect Default Permissions •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7753 – Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7753
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurre una lectura fuera de límites al aplicar reglas de estilo a pseudo-elementos, como ::first-line, mediante el uso de datos de estilo en caché. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.3, Firefox ESR en versiones anteriores a la 52.3 y Firefox en versiones anteriores a la 55. • http://www.securityfocus.com/bid/100315 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1353312 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 1CVE-2017-7792 – Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7792
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurrirá un desbordamiento de búfer al ver un certificado en el gestor de certificados si el certificado tiene un OID (Object Identifier) o identificador de objeto demasiado largo. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1368652 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •