CVSS: 9.8EPSS: 9%CPEs: 18EXPL: 1CVE-2018-18500 – Mozilla: Use-after-free parsing HTML5 stream
https://notcve.org/view.php?id=CVE-2018-18500
30 Jan 2019 — A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Una vulnerabilidad de memoria previamente liberada puede ocurrir a la hora de analizar una transmisión HTML5 junto con elementos HTML personalizados. Esto resulta en la liberación del objeto de análisi... • https://github.com/sophoslabs/CVE-2018-18500 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18493 – Mozilla: Buffer overflow in accelerated 2D canvas with Skia
https://notcve.org/view.php?id=CVE-2018-18493
13 Dec 2018 — A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir un desbordamiento de búfer en la librería SKIA durante los cálculos de un desplazamiento de búfer con acciones de hardware aceleradas de CANVAS 2D, debido al uso de cálculos de 32-b... • http://www.securityfocus.com/bid/106168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-12405 – Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
https://notcve.org/view.php?id=CVE-2018-12405
12 Dec 2018 — Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 63 and Firefox ESR 60.3. Algunos de esto... • http://www.securityfocus.com/bid/106168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18492 – Mozilla: Use-after-free with select element
https://notcve.org/view.php?id=CVE-2018-18492
12 Dec 2018 — A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada tras el borrado de un elemento de selección debido a una referencia débil a dicho elemento en la colección de opciones. Esto resulta en un cierre inesperado ... • http://www.securityfocus.com/bid/106168 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18494 – Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
https://notcve.org/view.php?id=CVE-2018-18494
12 Dec 2018 — A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Una violación de una política del mismo origen permite el robo de entradas URL Cross-Origin cuando utiliza la propiedad de ubicación JavaScript para provocar un re... • http://www.securityfocus.com/bid/106168 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18498 – Mozilla: Integer overflow when calculating buffer sizes for images
https://notcve.org/view.php?id=CVE-2018-18498
12 Dec 2018 — A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir una vulnerabilidad potencial que conduce a un desbordamiento de enteros durante los cálculos de tamaño de búfer cuando se emplea un valor bruto en vez del valor comprobado. Esto conduce a una escritura ... • http://www.securityfocus.com/bid/106168 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 5%CPEs: 4EXPL: 0CVE-2018-12391 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-12391
24 Nov 2018 — During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. • http://www.securityfocus.com/bid/105718 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 3%CPEs: 18EXPL: 0CVE-2018-12389 – Mozilla: Memory safety bugs fixed in Firefox ESR 60.3
https://notcve.org/view.php?id=CVE-2018-12389
25 Oct 2018 — Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupción ... • http://www.securityfocus.com/bid/105723 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 5%CPEs: 19EXPL: 0CVE-2018-12390 – Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
https://notcve.org/view.php?id=CVE-2018-12390
25 Oct 2018 — Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 62 y Firefox ESR 60.2. Algunos de estos ... • http://www.securityfocus.com/bid/105718 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 3%CPEs: 19EXPL: 0CVE-2018-12392 – Mozilla: Crash with nested event loops
https://notcve.org/view.php?id=CVE-2018-12392
25 Oct 2018 — When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Al manipular los eventos de usuario en bucles anidados durante la apertura de un documento mediante script, es posible desencadenar un cierre inesperado potencialmente explotable debido a la mala gestión de eventos. Esta vulnerabilidad afecta a las versi... • http://www.securityfocus.com/bid/105718 • CWE-364: Signal Handler Race Condition •