Page 194 of 1960 results (0.014 seconds)

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-7749 – Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada al emplear una URL incorrecta durante la recarga de un docshell. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1355039 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1

CVE-2017-7776 – graphite2: heap-buffer-overflow read "graphite2::Silf::getClassGlyph"

https://notcve.org/view.php?id=CVE-2017-7776

Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a un desbordamiento de búfer de lectura basado en memoria dinámica en graphite2::Silf::getClassGlyph. An out of bounds read flaw related to "graphite2::Silf::getClassGlyph" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 https://access.redhat.com/security/cve/CVE-2017-7776 https://bugzilla.redhat.com/show_bug.cgi?id=1472223 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2017-7772 – graphite2: heap-buffer-overflow write "lz4::decompress" (CVE-2017-7772)

https://notcve.org/view.php?id=CVE-2017-7772

Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. Desbordamiento de búfer basado en memoria dinámica (heap) en Graphinte2 en versiones de Firefox anteriores a la 54 en lz4::decompress function. A heap-based buffer overflow flaw related to "lz4::decompress" has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 https://access.redhat.com/security/cve/CVE-2017-7772 https://bugzilla.redhat.com/show_bug.cgi?id=1472213 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-7752 – Mozilla: Use-after-free with IME input (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7752

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada durante interacciones de usuario específicas con el IME (input method editor) en algunos lenguajes debido a la forma en la que se gestionan los eventos. Esto resulta en un cierre inesperado potencialmente explotable, pero sería necesaria interacción específica del usuario para desencadenarlo. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1359547 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2017-7777 – graphite2: use of uninitialized memory "graphite2::GlyphCache::Loader::read_glyph"

https://notcve.org/view.php?id=CVE-2017-7777

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a un uso de memoria no inicializada en la función graphite2::GlyphCache::Loader::read_glyph. The use of uninitialized memory related to "graphite2::GlyphCache::Loader::read_glyph" has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways. • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 https://access.redhat.com/security/cve/CVE-2017-7777 https://bugzilla.redhat.com/show_bug.cgi?id=1472225 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-456: Missing Initialization of a Variable •