CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 0CVE-2018-12367 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-12367
05 Jul 2018 — In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. En las mitigaciones anteriores para Spectre, la resolución o precisión de varios métodos se redujo para contrarrestar la capacidad de medir intervalo... • http://www.securityfocus.com/bid/104561 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-5156 – Mozilla: Media recorder segmentation fault when track type is changed during capture
https://notcve.org/view.php?id=CVE-2018-5156
29 Jun 2018 — A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir una vulnerabilidad al capturar una transmisión de medios cuando el tipo de origen de medios se cambia al mismo tiempo que se realiza la captura. Esto puede resultar en que... • http://www.securityfocus.com/bid/104560 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-5188 – Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9
https://notcve.org/view.php?id=CVE-2018-5188
29 Jun 2018 — Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60, Firefox ESR 60 y Firefox ESR 52.8. Algunos de estos errores mostraron evidencias de corrupción de memo... • http://www.securityfocus.com/bid/104555 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12359 – Mozilla: Buffer overflow using computed size of canvas element
https://notcve.org/view.php?id=CVE-2018-12359
29 Jun 2018 — A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir un desbordamiento de búfer al renderizar contenido canvas al ajustar dinámicamente la altura y anchura del elemento canvas,... • http://www.securityfocus.com/bid/104555 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12360 – Mozilla: Use-after-free using focus()
https://notcve.org/view.php?id=CVE-2018-12360
29 Jun 2018 — A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada al eliminar un elemento input durante un manejador de eventos de mutación que se desencadena al focalizar dicho elemento. Esto r... • http://www.securityfocus.com/bid/104555 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12362 – Mozilla: Integer overflow in SSSE3 scaler
https://notcve.org/view.php?id=CVE-2018-12362
29 Jun 2018 — An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir un desbordamiento de enteros durante las operaciones de gráficos realizadas por el escalador SSSE3 (Supplemental Streaming SIMD Extensions 3), lo que resulta en un cierre inesperado potencialmente explot... • http://www.securityfocus.com/bid/104560 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12363 – Mozilla: Use-after-free when appending DOM nodes
https://notcve.org/view.php?id=CVE-2018-12363
29 Jun 2018 — A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando script emplea eventos de mutación par... • http://www.securityfocus.com/bid/104560 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12364 – Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
https://notcve.org/view.php?id=CVE-2018-12364
29 Jun 2018 — NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Los plugins NPAPI, como Adobe Flash, pueden enviar peticiones cross-origin, omitiendo CORS al hacer un POST same-origin que realiza ... • http://www.securityfocus.com/bid/104560 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12365 – Mozilla: Compromised IPC child process can list local filenames
https://notcve.org/view.php?id=CVE-2018-12365
29 Jun 2018 — A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Un proceso hijo IPC comprometido puede escapar el sandbox de contenido y listar los nombres de archivos arbitrarios en el sistema de archivos sin consentimiento o interacción del... • http://www.securityfocus.com/bid/104560 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12366 – Mozilla: Invalid data handling during QCMS transformations
https://notcve.org/view.php?id=CVE-2018-12366
29 Jun 2018 — An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Un tamaño de cuadrícula inválido durante las transformaciones QCMS (perfil de color) puede resultar en la lectura fuera de límites interpretada como valor float. Esto podría conducir al filtrado de datos privado... • http://www.securityfocus.com/bid/104560 • CWE-125: Out-of-bounds Read •