CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0CVE-2018-5096 – Mozilla: Use-after-free while editing form elements (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5096
24 Jan 2018 — A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se editan eventos en elementos de formularios en una página, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Firefox ESR y las versiones anteriore... • http://www.securityfocus.com/bid/102771 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 22%CPEs: 18EXPL: 0CVE-2018-5097 – Mozilla: Use-after-free when source document is manipulated during XSLT (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5097
24 Jan 2018 — A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante las transformaciones XSL cuando el documento de origen para la transformación se manipula con scripts durante la transform... • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2018-5098 – Mozilla: Use-after-free while manipulating form input elements (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5098
24 Jan 2018 — A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando los elementos de entrada del formulario, el foco y la selección se manipulan mediante un script. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2018-5099 – Mozilla: Use-after-free with widget listener (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5099
24 Jan 2018 — A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando el listener de widgets tiene referencias robustas con los objetos del navegador que se han liberado previamente, resultando ... • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 22%CPEs: 18EXPL: 0CVE-2018-5102 – Mozilla: Use-after-free in HTML media elements (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5102
24 Jan 2018 — A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipulan elementos HTML media con media streams, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 52.6 de Thunderbird, las vers... • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2018-5103 – Mozilla: Use-after-free during mouse event handling (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5103
24 Jan 2018 — A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante el manejo de eventos de ratón debido a problemas con el soporte multiproceso. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 22%CPEs: 18EXPL: 0CVE-2018-5104 – Mozilla: Use-after-free during font face manipulation (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5104
24 Jan 2018 — A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada durante la manipulación de font-face cuando una regla font face se libera mientras se utiliza, resultando en un cierre inesperado potencialmente explotable. Esta vulnerabilidad afecta a las ve... • http://www.securityfocus.com/bid/102783 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 1%CPEs: 22EXPL: 0CVE-2018-5117 – Mozilla: URL spoofing with right-to-left text aligned left-to-right (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5117
24 Jan 2018 — If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Si se utiliza texto de derecha a izquierda en la barra de direcciones con alineación de izquierda a derecha... • http://www.securityfocus.com/bid/102783 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 5.3EPSS: 1%CPEs: 16EXPL: 1CVE-2017-7829 – Mozilla: From address with encoded null character is cut off in message header display
https://notcve.org/view.php?id=CVE-2017-7829
29 Dec 2017 — It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2. Es posible suplantar la dirección de correo del remitente y mostrar una dirección de envío arbitraria al correo receptor. La dirección de envío real no se muestra si viene precedida de un carácter nulo en la cadena de muestra. • http://www.securityfocus.com/bid/102258 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 13EXPL: 0CVE-2017-7846 – Mozilla: JavaScript Execution via RSS in mailbox:// origin
https://notcve.org/view.php?id=CVE-2017-7846
29 Dec 2017 — It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. Es posible ejecutar código JavaScript en el canal RSS analizado cuando el canal RSS se ve como un sitio web, por ejemplo, a través de "View -> Feed article -> Website" o en el formato estándar de "View -> Feed article -> default format". La vulnerabil... • http://www.securityfocus.com/bid/102258 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •