CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-7801 – Mozilla: Use-after-free with marquee during window resizing
https://notcve.org/view.php?id=CVE-2017-7801
10 Aug 2017 — A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando vuelve a calcular la disposición del elemento "marquee" durante el reajuste del tamaño de la ventana cuando el objeto estilo ... • http://www.securityfocus.com/bid/100197 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-7802 – Mozilla: Use-after-free resizing image elements (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7802
10 Aug 2017 — A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipula el DOM durante el evento de redimensionamiento de un elemento "image". Si ... • http://www.securityfocus.com/bid/100202 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 1CVE-2017-7803 – Mozilla: CSP directives improperly applied with sandbox flag in iframes (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7803
10 Aug 2017 — When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Cuando la cabecera CSP (Content Security Policy) de una página contiene una directiva "sandbox", se ignoran otras directivas. Esto resulta en el cumplimiento incorrecto de CSP. • http://www.securityfocus.com/bid/100234 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7807 – Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7807
10 Aug 2017 — A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Un mecanismo que utiliza AppCache para secuestrar una URL en un dominio utilizando fallback sirviendo los archivos desde una subruta en el dominio. Esto se ha solucionado al requerir que los archivos fallback estén ... • http://www.securityfocus.com/bid/100242 • CWE-20: Improper Input Validation CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-7809 – Mozilla: Use-after-free while deleting attached editor DOM node (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7809
10 Aug 2017 — A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando un nodo DOM editor se borra de manera prematura durante el salto de árbol cuando aún sigue vinculado al documento. Esto resulta en un cierre inesperado ex... • http://www.securityfocus.com/bid/100203 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 0CVE-2017-5470 – Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-5470
14 Jun 2017 — Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Se han reportado errores de seguridad de memoria en Firefox 53 y Firefox ESR 52.1. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, a... • http://www.securityfocus.com/bid/99041 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 0CVE-2017-5472 – Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-5472
14 Jun 2017 — A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en el frameloader durante la reconstrucción de árboles cuando se regenera el diseño CSS al intentar emplear un nodo en el árbol que ya no existe. Esto... • http://www.securityfocus.com/bid/99040 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 0CVE-2017-7749 – Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7749
14 Jun 2017 — A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada al emplear una URL incorrecta durante la recarga de un docshell. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-7750 – Mozilla: Use-after-free with track elements (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7750
14 Jun 2017 — A use-after-free vulnerability during video control operations when a "
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-7751 – Mozilla: Use-after-free with content viewer listeners (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7751
14 Jun 2017 — A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en los escuchadores del visor de contenido que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la ... • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •