CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5099 – Mozilla: Use-after-free with widget listener (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5099
24 Jan 2018 — A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando el listener de widgets tiene referencias robustas con los objetos del navegador que se han liberado previamente, resultando ... • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-5096 – Mozilla: Use-after-free while editing form elements (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5096
24 Jan 2018 — A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se editan eventos en elementos de formularios en una página, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Firefox ESR y las versiones anteriore... • http://www.securityfocus.com/bid/102771 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5098 – Mozilla: Use-after-free while manipulating form input elements (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5098
24 Jan 2018 — A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando los elementos de entrada del formulario, el foco y la selección se manipulan mediante un script. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5091 – Mozilla: Use-after-free with DTMF timers (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5091
24 Jan 2018 — A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante las conexiones WebRTC cuando se interactúa con los temporizadores DTMF. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2018-5117 – Mozilla: URL spoofing with right-to-left text aligned left-to-right (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5117
24 Jan 2018 — If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Si se utiliza texto de derecha a izquierda en la barra de direcciones con alineación de izquierda a derecha... • http://www.securityfocus.com/bid/102783 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5089 – Mozilla: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5089
24 Jan 2018 — Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Se han informado de errores de seguridad de memoria en Firefox 57 y Firefox ESR 52.5. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se ... • http://www.securityfocus.com/bid/102783 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5103 – Mozilla: Use-after-free during mouse event handling (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5103
24 Jan 2018 — A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante el manejo de eventos de ratón debido a problemas con el soporte multiproceso. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5097 – Mozilla: Use-after-free when source document is manipulated during XSLT (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5097
24 Jan 2018 — A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante las transformaciones XSL cuando el documento de origen para la transformación se manipula con scripts durante la transform... • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0CVE-2018-5095 – Mozilla: Integer overflow in Skia library during edge builder allocation (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5095
24 Jan 2018 — An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Una vulnerabilidad de desbordamiento de enteros en la librería Skia cuando se asigna memoria para los "edge builders" en determinados sistemas con al menos 8 GB de RAM. Esto resulta en el uso de... • http://www.securityfocus.com/bid/102783 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5102 – Mozilla: Use-after-free in HTML media elements (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5102
24 Jan 2018 — A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipulan elementos HTML media con media streams, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Thunderbird, las vers... • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •