CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12360 – Mozilla: Use-after-free using focus()
https://notcve.org/view.php?id=CVE-2018-12360
29 Jun 2018 — A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada al eliminar un elemento input durante un manejador de eventos de mutación que se desencadena al focalizar dicho elemento. Esto r... • http://www.securityfocus.com/bid/104555 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0CVE-2018-5188 – Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9
https://notcve.org/view.php?id=CVE-2018-5188
29 Jun 2018 — Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60, Firefox ESR 60 y Firefox ESR 52.8. Algunos de estos errores mostraron evidencias de corrupción de memo... • http://www.securityfocus.com/bid/104555 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12364 – Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
https://notcve.org/view.php?id=CVE-2018-12364
29 Jun 2018 — NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Los plugins NPAPI, como Adobe Flash, pueden enviar peticiones cross-origin, omitiendo CORS al hacer un POST same-origin que realiza ... • http://www.securityfocus.com/bid/104560 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12362 – Mozilla: Integer overflow in SSSE3 scaler
https://notcve.org/view.php?id=CVE-2018-12362
29 Jun 2018 — An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir un desbordamiento de enteros durante las operaciones de gráficos realizadas por el escalador SSSE3 (Supplemental Streaming SIMD Extensions 3), lo que resulta en un cierre inesperado potencialmente explot... • http://www.securityfocus.com/bid/104560 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7755
https://notcve.org/view.php?id=CVE-2017-7755
11 Jun 2018 — The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. • http://www.securityfocus.com/bid/99057 • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5174
https://notcve.org/view.php?id=CVE-2018-5174
11 Jun 2018 — In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior fr... • http://www.securityfocus.com/bid/104136 •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7763
https://notcve.org/view.php?id=CVE-2017-7763
11 Jun 2018 — Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. • http://www.securityfocus.com/bid/99057 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7782
https://notcve.org/view.php?id=CVE-2017-7782
11 Jun 2018 — An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Error en "WindowsDllDetourPatcher", donde un bloque 4k RWX ("Read/Write/Execute") se asigna, pero nunca se proteje, violando las protecciones DEP. • http://www.securityfocus.com/bid/100243 • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7845
https://notcve.org/view.php?id=CVE-2017-7845
11 Jun 2018 — A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. • http://www.securityfocus.com/bid/102115 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 1CVE-2017-5411
https://notcve.org/view.php?id=CVE-2017-5411
11 Jun 2018 — A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. • http://www.securityfocus.com/bid/96692 • CWE-416: Use After Free •