CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7753 – Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7753
10 Aug 2017 — An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurre una lectura fuera de límites al aplicar reglas de estilo a pseudo-elementos, como ::first-line, mediante el uso de datos de estilo en caché. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.3, Firefox ESR en versiones anteriores a la 52.3 y Firefox en versiones anteriores a l... • http://www.securityfocus.com/bid/100315 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7807 – Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7807
10 Aug 2017 — A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Un mecanismo que utiliza AppCache para secuestrar una URL en un dominio utilizando fallback sirviendo los archivos desde una subruta en el dominio. Esto se ha solucionado al requerir que los archivos fallback estén ... • http://www.securityfocus.com/bid/100242 • CWE-20: Improper Input Validation CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2017-7779 – Mozilla: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7779
10 Aug 2017 — Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Se han reportado errores de seguridad de memoria en Firefox 54, Firefox ESR 52.2, y Thunderbird 52.2. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entie... • http://www.securityfocus.com/bid/100201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 1CVE-2017-7786 – Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7786
10 Aug 2017 — A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir un desbordamiento de búfer cuando el renderizador de imagen intenta pintar elementos SVG no mostrables. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 1CVE-2017-7787 – Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7787
10 Aug 2017 — Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Las protecciones de política del mismo origen se pueden omitir en páginas con iframes embebidos durante la recarga de páginas, lo que permite que los iframes accedan a contenido en la página de nivel más alto, lo que conduce a una ... • http://www.securityfocus.com/bid/100234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 1CVE-2017-7803 – Mozilla: CSP directives improperly applied with sandbox flag in iframes (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7803
10 Aug 2017 — When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Cuando la cabecera CSP (Content Security Policy) de una página contiene una directiva "sandbox", se ignoran otras directivas. Esto resulta en el cumplimiento incorrecto de CSP. • http://www.securityfocus.com/bid/100234 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 1CVE-2017-7785 – Mozilla: Buffer overflow manipulating ARIA elements in DOM (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7785
10 Aug 2017 — A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir un desbordamiento de búfer al manipular atributos ARIA (Accessible Rich Internet Applications) en el DOM. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7800 – Mozilla: Use-after-free in WebSockets during disconnection (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7800
10 Aug 2017 — A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada en WebSockets cuando el objeto que mantiene la conexión se libera antes de que concluya la operación de desconexión. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/100196 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5472 – Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-5472
14 Jun 2017 — A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en el frameloader durante la reconstrucción de árboles cuando se regenera el diseño CSS al intentar emplear un nodo en el árbol que ya no existe. Esto... • http://www.securityfocus.com/bid/99040 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7751 – Mozilla: Use-after-free with content viewer listeners (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7751
14 Jun 2017 — A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en los escuchadores del visor de contenido que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la ... • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •