Page 3 of 111 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0

CVE-2018-5168 – Mozilla: Lightweight themes can be installed without user interaction

https://notcve.org/view.php?id=CVE-2018-5168

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Los sitios pueden omitir las comprobaciones de seguridad de los permisos para instalar temas ligeros manipulando la propiedad "baseURI" del elemento theme. Esto podría permitir que un sitio malicioso instale un tema sin la interacción del usuario que podría contener imágenes ofensivas o embarazosas. • http://www.securityfocus.com/bid/104136 http://www.securitytracker.com/id/1040896 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1449548 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://securi • CWE-862: Missing Authorization •

CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 0

CVE-2018-5178 – Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension

https://notcve.org/view.php?id=CVE-2018-5178

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. Se ha encontrado un desbordamiento de búfer durante la conversión de cadenas UTF8 a Unicode dentro de JavaScript con cantidades de datos extremadamente grandes. Esta vulnerabilidad requiere el uso de una extensión heredada maliciosa o vulnerable para que se produzca. • http://www.securityfocus.com/bid/104138 http://www.securitytracker.com/id/1040898 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1443891 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0

CVE-2018-5183 – Mozilla: Backport critical security fixes in Skia

https://notcve.org/view.php?id=CVE-2018-5183

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. Los desarrolladores de Mozilla aplicaron los cambios seleccionados en la biblioteca Skia. Estos cambios corrigen los problemas de corrupción de memoria, incluyendo las lecturas y escrituras de búfer no válidas durante las operaciones gráficas. • http://www.securityfocus.com/bid/104138 http://www.securitytracker.com/id/1040898 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1454692 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0

CVE-2017-5398 – Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)

https://notcve.org/view.php?id=CVE-2017-5398

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Se han reportado errores de seguridad de memoria en Thunderbird 45.7. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://rhn.redhat.com/errata/RHSA-2017-0459.html http://rhn.redhat.com/errata/RHSA-2017-0461.html http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securityfocus.com/bid/96651 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 https://www.debian.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 153EXPL: 0

CVE-2014-2018

https://notcve.org/view.php?id=CVE-2014-2018

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674. Vulnerabilidad de XSS en Mozilla Thunderbird 17.x hasta 17.0.8, Thunderbird ESR 17.x hasta 17.0.10 y SeaMonkey anterior a 2.20 permite a atacantes remotos asistidos por usuario inyectar script Web o HTML arbitrarios a través de un mensaje de e-mail que contiene un dato: URL en un elemento (1) OBJECT o (2) EMBED, un problema relacionado con CVE-2013-6674. • http://www.kb.cert.org/vuls/id/863369 http://www.mozilla.org/security/announce/2014/mfsa2014-14.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1029773 http://www.securitytracker.com/id/1029774 http://www.vulnerability-lab.com/get_content.php?id=953 https://bugzilla.mozilla.org/show_bug.cgi?id=875818 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •