CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2017-7814 – Mozilla: Blob and data URLs bypass phishing and malware protection warnings (MFSA 2017-22)
https://notcve.org/view.php?id=CVE-2017-7814
29 Sep 2017 — File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Las descargas de archivos codificados con elementos URL "blob:" y "data:" omitían las comprobaciones de... • http://www.securityfocus.com/bid/101059 • CWE-20: Improper Input Validation CWE-494: Download of Code Without Integrity Check •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-7802 – Mozilla: Use-after-free resizing image elements (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7802
10 Aug 2017 — A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipula el DOM durante el evento de redimensionamiento de un elemento "image". Si ... • http://www.securityfocus.com/bid/100202 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 5%CPEs: 18EXPL: 1CVE-2017-7800 – Mozilla: Use-after-free in WebSockets during disconnection (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7800
10 Aug 2017 — A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada en WebSockets cuando el objeto que mantiene la conexión se libera antes de que concluya la operación de desconexión. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/100196 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 14EXPL: 0CVE-2017-7779 – Mozilla: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7779
10 Aug 2017 — Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Se han reportado errores de seguridad de memoria en Firefox 54, Firefox ESR 52.2, y Thunderbird 52.2. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entie... • http://www.securityfocus.com/bid/100201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 11%CPEs: 22EXPL: 1CVE-2017-7785 – Mozilla: Buffer overflow manipulating ARIA elements in DOM (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7785
10 Aug 2017 — A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir un desbordamiento de búfer al manipular atributos ARIA (Accessible Rich Internet Applications) en el DOM. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 2%CPEs: 18EXPL: 1CVE-2017-7753 – Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7753
10 Aug 2017 — An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurre una lectura fuera de límites al aplicar reglas de estilo a pseudo-elementos, como ::first-line, mediante el uso de datos de estilo en caché. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.3, Firefox ESR en versiones anteriores a la 52.3 y Firefox en versiones anteriores a l... • http://www.securityfocus.com/bid/100315 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 3%CPEs: 17EXPL: 0CVE-2017-7798 – Mozilla: XUL injection in the style editor in devtools (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7798
10 Aug 2017 — The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. La característica Developer Tools sufre de una vulnerabilidad de inyección XUL debido al saneamiento incorrecto del código fuente de la página web. En el peor de los casos, esto podría permitir la eje... • http://www.securityfocus.com/bid/100198 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-7809 – Mozilla: Use-after-free while deleting attached editor DOM node (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7809
10 Aug 2017 — A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando un nodo DOM editor se borra de manera prematura durante el salto de árbol cuando aún sigue vinculado al documento. Esto resulta en un cierre inesperado ex... • http://www.securityfocus.com/bid/100203 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7807 – Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7807
10 Aug 2017 — A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Un mecanismo que utiliza AppCache para secuestrar una URL en un dominio utilizando fallback sirviendo los archivos desde una subruta en el dominio. Esto se ha solucionado al requerir que los archivos fallback estén ... • http://www.securityfocus.com/bid/100242 • CWE-20: Improper Input Validation CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 6%CPEs: 22EXPL: 1CVE-2017-7784 – Mozilla: Use-after-free with image observers (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7784
10 Aug 2017 — A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada al leer un observador de imagen durante la reconstrucción de frames una vez se ha liberado el observador. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100202 • CWE-416: Use After Free •