CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2018-5161 – Mozilla: Hang via malformed headers
https://notcve.org/view.php?id=CVE-2018-5161
25 May 2018 — Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. Las cabeceras de mensaje manipuladas pueden hacer que un proceso Thunderbird deje de responder al recibir el mensaje. Esta vulnerabilidad afecta a las versiones anteriores a la 52.8 de Thunderbird ESR y las versiones anteriores a la 52.8 de Thunderbird. Multiple security issues were discovered in Thunderbird. • http://www.securitytracker.com/id/1040946 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5184 – Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack
https://notcve.org/view.php?id=CVE-2018-5184
25 May 2018 — Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. El uso de contenido remoto en mensajes cifrados puede conducir a la divulgación de texto en texto plano. Esta vulnerabilidad afecta a las versiones anteriores a la 52.8 de Thunderbird ESR y las versiones anteriores a la 52.8 de Thunderbird. Multiple security issues were discovered in Thunderbird. • http://www.securityfocus.com/bid/104240 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2018-5185 – Mozilla: Leaking plaintext through HTML forms
https://notcve.org/view.php?id=CVE-2018-5185
25 May 2018 — Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. El texto en texto plano de los correos electrónicos descifrados puede filtrarse si el usuario envía un formulario embebido. Esta vulnerabilidad afecta a las versiones anteriores a la 52.8 de Thunderbird ESR y las versiones anteriores a la 52.8 de Thunderbird. Multiple security issues were discovered in Thunderbird. • http://www.securityfocus.com/bid/104240 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2018-5162 – Mozilla: Encrypted mail leaks plaintext through src attribute
https://notcve.org/view.php?id=CVE-2018-5162
25 May 2018 — Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. El texto plano de los correos electrónicos descifrados puede filtrarse a través del atributo src de imágenes remotas o enlaces. Esta vulnerabilidad afecta a las versiones anteriores a la 52.8 de Thunderbird ESR y las versiones anteriores a la 52.8 de Thunderbird. Multiple security issues were discovered in Thunderbird. • http://www.securityfocus.com/bid/104240 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 0CVE-2018-5178 – Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
https://notcve.org/view.php?id=CVE-2018-5178
11 May 2018 — A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. Se ha encontrado un desbordamiento de búfer durante la conversión de cadenas UTF8 a Unicode dentro de JavaScript con cantidades de datos extremadamente grandes. Esta vulnerabilidad requiere e... • http://www.securityfocus.com/bid/104138 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5150 – Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
https://notcve.org/view.php?id=CVE-2018-5150
11 May 2018 — Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Se han informado de errores de seguridad de memoria en Firefox 55, Firefox ESR 52.7 y Thunderbird 52.7. Algunos de estos errores mostraron evidencias de corrup... • http://www.securityfocus.com/bid/104136 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 32%CPEs: 21EXPL: 2CVE-2018-5159 – Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2018-5159
11 May 2018 — An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Puede ocurrir un desbordamiento de enteros en la biblioteca Skia debido al uso de números enteros de 32 bits en un array sin verificaciones de desbordamiento d... • https://packetstorm.news/files/id/147843 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5154 – Mozilla: Use-after-free with SVG animations and clip paths
https://notcve.org/view.php?id=CVE-2018-5154
11 May 2018 — A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se enumeran atributos durante las animaciones SVG con las rutas de clips. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/104136 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5155 – Mozilla: Use-after-free with SVG animations and text paths
https://notcve.org/view.php?id=CVE-2018-5155
11 May 2018 — A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se ajusta la disposición durante las animaciones SVG con rutas de texto. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/104136 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5168 – Mozilla: Lightweight themes can be installed without user interaction
https://notcve.org/view.php?id=CVE-2018-5168
11 May 2018 — Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Los sitios pueden omitir las comprobaciones de seguridad de los permisos para instalar temas ligeros manipulando la propiedad "baseU... • http://www.securityfocus.com/bid/104136 • CWE-862: Missing Authorization •