CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2018-12361 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-12361
05 Jul 2018 — An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Puede ocurrir un desbordamiento de enteros en el código SwizzleData al calcular tamaños de búfer. El valor desbordado se emplea para posteriores cálculos de gráficos cuando sus entradas no se... • http://www.securityfocus.com/bid/104558 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2018-12367 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-12367
05 Jul 2018 — In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. En las mitigaciones anteriores para Spectre, la resolución o precisión de varios métodos se redujo para contrarrestar la capacidad de medir intervalo... • http://www.securityfocus.com/bid/104561 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-12371 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-12371
05 Jul 2018 — An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. Una vulnerabilidad de desbordamiento de enteros en la biblioteca Skia al asignar memoria para constructores de bordes en algunos sistemas con al menos 16 GB de RAM. Esto resulta en el uso de memo... • https://bugzilla.mozilla.org/show_bug.cgi?id=1465686 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 3%CPEs: 9EXPL: 0CVE-2018-5187 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-5187
05 Jul 2018 — Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60 y Firefox ESR 60. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían e... • http://www.securityfocus.com/bid/104556 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 21EXPL: 0CVE-2018-12359 – Mozilla: Buffer overflow using computed size of canvas element
https://notcve.org/view.php?id=CVE-2018-12359
29 Jun 2018 — A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir un desbordamiento de búfer al renderizar contenido canvas al ajustar dinámicamente la altura y anchura del elemento canvas,... • http://www.securityfocus.com/bid/104555 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12360 – Mozilla: Use-after-free using focus()
https://notcve.org/view.php?id=CVE-2018-12360
29 Jun 2018 — A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada al eliminar un elemento input durante un manejador de eventos de mutación que se desencadena al focalizar dicho elemento. Esto r... • http://www.securityfocus.com/bid/104555 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12362 – Mozilla: Integer overflow in SSSE3 scaler
https://notcve.org/view.php?id=CVE-2018-12362
29 Jun 2018 — An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir un desbordamiento de enteros durante las operaciones de gráficos realizadas por el escalador SSSE3 (Supplemental Streaming SIMD Extensions 3), lo que resulta en un cierre inesperado potencialmente explot... • http://www.securityfocus.com/bid/104560 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12363 – Mozilla: Use-after-free when appending DOM nodes
https://notcve.org/view.php?id=CVE-2018-12363
29 Jun 2018 — A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando script emplea eventos de mutación par... • http://www.securityfocus.com/bid/104560 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12364 – Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
https://notcve.org/view.php?id=CVE-2018-12364
29 Jun 2018 — NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Los plugins NPAPI, como Adobe Flash, pueden enviar peticiones cross-origin, omitiendo CORS al hacer un POST same-origin que realiza ... • http://www.securityfocus.com/bid/104560 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12365 – Mozilla: Compromised IPC child process can list local filenames
https://notcve.org/view.php?id=CVE-2018-12365
29 Jun 2018 — A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Un proceso hijo IPC comprometido puede escapar el sandbox de contenido y listar los nombres de archivos arbitrarios en el sistema de archivos sin consentimiento o interacción del... • http://www.securityfocus.com/bid/104560 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •