CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2017-5373 – Mozilla: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (MFSA 2017-01)
https://notcve.org/view.php?id=CVE-2017-5373
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Se han reportado errores de seguridad de memoria en Firefox 50.1 y Firefox ESR 45.6. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95762 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.debian.org/security/2017/dsa- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 92%CPEs: 13EXPL: 3CVE-2017-5375 – Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-5375
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. La asignación de código JIT puede permitir la omisión de las protecciones ASLR y DEP, lo que conduce a ataques de corrupción de memoria. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. • https://www.exploit-db.com/exploits/44294 https://www.exploit-db.com/exploits/42327 https://www.exploit-db.com/exploits/44293 http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95757 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1325200 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-5376 – Mozilla: Use-after-free in XSL (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5376
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Uso de memoria previamente liberada al manipular XSL en documentos XSLT. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95758 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1311687 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.debian.org/security/2017/dsa-3832 https://www.mozilla.org/security/advisories/mfsa2017-01 http • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 1CVE-2017-5378 – Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5378
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Los códigos hasheados de objetos JavaScript se comparten entre páginas. Esto permite fugas de puntero debido a que se puede descubrir la dirección de un objeto por medio de los códigos hash y, además, permite el filtrado de datos del contenido de un objeto mediante estos códigos de hash. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95769 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1312001 https://bugzilla.mozilla.org/show_bug.cgi?id=1330769 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.debian.org/security/2017/dsa-3832 https • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-5380 – Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5380
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Se ha encontrado un potencial uso de memoria previamente liberada mediante fuzzing durante la manipulación DOM del contenido SVG. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95769 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1322107 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.debian.org/security/2017/dsa-3832 https://www.mozilla.org/security/advisories/mfsa2017-01 http • CWE-416: Use After Free •