CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1CVE-2017-7764 – Mozilla: Domain spoofing with combination of Canadian Syllabics and other unicode blocks (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7764
14 Jun 2017 — Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 1... • http://www.securityfocus.com/bid/99057 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7750 – Mozilla: Use-after-free with track elements (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7750
14 Jun 2017 — A use-after-free vulnerability during video control operations when a "
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7754 – Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7754
14 Jun 2017 — An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Lectura fuera de límites en WebGL con un objeto "ImageInfo" maliciosamente manipulado durante las operaciones WebGL. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la 52.2. Multiple security issues were discovered in F... • http://www.securityfocus.com/bid/99057 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5470 – Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-5470
14 Jun 2017 — Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Se han reportado errores de seguridad de memoria en Firefox 53 y Firefox ESR 52.1. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, a... • http://www.securityfocus.com/bid/99041 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 6EXPL: 0CVE-2017-7778 – Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7778
14 Jun 2017 — A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Hay una serie de vulnerabilidades de seguridad en la biblioteca Graphite 2, incluyendo lecturas fuera de límites, lecturas y escrituras por desbordamiento de búfer y el uso de memoria no inicializada. Est... • http://www.securityfocus.com/bid/99057 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-7749 – Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7749
14 Jun 2017 — A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada al emplear una URL incorrecta durante la recarga de un docshell. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-7752 – Mozilla: Use-after-free with IME input (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7752
14 Jun 2017 — A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada durante interacciones de usuario específicas con el IME (input method editor) en algunos lenguajes debido a la forma en ... • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2017-5430 – Mozilla: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5430
21 Apr 2017 — Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Se han reportado errores de seguridad de memoria en Firefox 52, Firefox ESR 52, y Thunderbird 52. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que,... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1CVE-2017-5456 – Mozilla: Sandbox escape allowing local file system read access (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5456
21 Apr 2017 — A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. Mecanismo para omitir las protecciones de acceso al sistema de archivos en el sandbox mediante el constructor de peticiones al sistema de archivos mediante un mensaje IPC. Esto permite acceso de lectura y escritura al sistema de archivos local. • http://www.securityfocus.com/bid/97940 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2017-5455 – Mozilla: Sandbox escape through internal feed reader APIs (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5455
21 Apr 2017 — The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. Las API del lector de feeds interno que cruzaron la barrera del sandbox permitieron un escape del sandbox y un escalado de privilegios si se combinaban con otra vulnerabilidad que resultaba en la ejecución remota de códi... • http://www.securityfocus.com/bid/97940 •