CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-12377 – Mozilla: Use-after-free in driver timers
https://notcve.org/view.php?id=CVE-2018-12377
08 Sep 2018 — A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se actualizan los temporizadores de los drivers de actualización en algunas circunstancias durante el apagado cuando el temporizado... • http://www.securityfocus.com/bid/105280 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-12376 – Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
https://notcve.org/view.php?id=CVE-2018-12376
08 Sep 2018 — Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Hay errores de seguridad de memoria en Firefox 61 y Firefox ESR 60.1. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos p... • http://www.securityfocus.com/bid/105280 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 1CVE-2018-12383 – Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
https://notcve.org/view.php?id=CVE-2018-12383
07 Sep 2018 — If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. • http://www.securityfocus.com/bid/105276 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-12378 – Mozilla: Use-after-free in IndexedDB
https://notcve.org/view.php?id=CVE-2018-12378
07 Sep 2018 — A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando un índice IndexedDB se elimina mientras sigue en uso por parte de código JavaScript que está proporcionando valores de carga útil para q... • http://www.securityfocus.com/bid/105280 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2018-12372 – thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails
https://notcve.org/view.php?id=CVE-2018-12372
12 Jul 2018 — Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. Las partes S/MIME descifradas, cuando se incluyen en HTML manipulado para un ataque, pueden filtrar texto plano cuando se incluyen en una respuesta/reenvío HTML. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.9. Multiple security issues were discovered in Thunderbird. • http://www.securityfocus.com/bid/104613 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2018-12373 – thunderbird: S/MIME plaintext can be leaked through HTML reply/forward
https://notcve.org/view.php?id=CVE-2018-12373
12 Jul 2018 — dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. Las partes S/MIME descifradas ocultas con CSS o la etiqueta HTML en texto plano pueden filtrar texto plano cuando se incluyen en una respuesta/reenvío HTML. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.9. Multiple security issues were discovered in Thunderbird. • http://www.securityfocus.com/bid/104613 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2018-12374 – thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field
https://notcve.org/view.php?id=CVE-2018-12374
12 Jul 2018 — Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9. El texto plano de los emails descifrados puede ser filtrado por usuarios que envían un formulario embebido al presionar la tecla enter en un campo de introducción de texto. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.9. Multiple security issues were discovered in Thunderbird. • http://www.securityfocus.com/bid/104613 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-12371 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-12371
05 Jul 2018 — An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. Una vulnerabilidad de desbordamiento de enteros en la biblioteca Skia al asignar memoria para constructores de bordes en algunos sistemas con al menos 16 GB de RAM. Esto resulta en el uso de memo... • https://bugzilla.mozilla.org/show_bug.cgi?id=1465686 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5187 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-5187
05 Jul 2018 — Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60 y Firefox ESR 60. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían e... • http://www.securityfocus.com/bid/104556 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-12361 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-12361
05 Jul 2018 — An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Puede ocurrir un desbordamiento de enteros en el código SwizzleData al calcular tamaños de búfer. El valor desbordado se emplea para posteriores cálculos de gráficos cuando sus entradas no se... • http://www.securityfocus.com/bid/104558 • CWE-190: Integer Overflow or Wraparound •