Page 193 of 2282 results (0.016 seconds)

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1

CVE-2017-7764 – Mozilla: Domain spoofing with combination of Canadian Syllabics and other unicode blocks (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7764

Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts.". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Los caracteres del bloque unicode "Canadian Syllabics" pueden mezclarse con caracteres de otros bloques unicode en la barra de direcciones en lugar de ser presentados en su forma "punycode" sin procesar. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1364283 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2017-7773 – graphite2: heap-buffer-overflow write "lz4::decompress" (src/Decompressor)

https://notcve.org/view.php?id=CVE-2017-7773

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a un desbordamiento de búfer de escritura basado en memoria dinámica en lz4::decompress src/Decompressor. A heap-based buffer overflow flaw related to "lz4::decompress" (src/Decompressor) has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 https://access.redhat.com/security/cve/CVE-2017-7773 https://bugzilla.redhat.com/show_bug.cgi?id=1472215 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 1

CVE-2017-7750 – Mozilla: Use-after-free with track elements (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7750

A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada durante las operaciones de control de vídeo cuando un elemento "" mantiene una referencia a una ventana más antigua si esa ventana ha sido reemplazada en el DOM. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1356558 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1

CVE-2017-7771 – graphite2: out of bounds read in "graphite2::Pass::readPass"

https://notcve.org/view.php?id=CVE-2017-7771

Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. Lectura fuera de límites en la librería Graphite2 para versiones de Firefox anteriores a la 54 en la función graphite2::Pass::readPass. An out of bounds read flaw related to "graphite2::Pass::readPass" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. • https://bugzilla.redhat.com/show_bug.cgi?id=1472212 https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 https://access.redhat.com/security/cve/CVE-2017-7771 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-7749 – Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada al emplear una URL incorrecta durante la recarga de un docshell. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1355039 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •