CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2017-5464 – Mozilla: Memory corruption with accessibility and DOM manipulation (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5464
20 Apr 2017 — During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Durante la manipulación DOM del árbol de accesibilidad mediante scripts, el árbol DOM puede desincronizarse con el árbol de accesibilidad, lo que conduce a una corrupción de memoria y a un cierre inesperado po... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5445 – Mozilla: Uninitialized values used while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5445
20 Apr 2017 — A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad al analizar contenido de formato "application/http-index-format" en el que se emplean variables no inicializadas para crear un array. Esto podría permitir la lectura de memoria no ... • http://www.securityfocus.com/bid/97940 • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5429 – Mozilla: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5429
20 Apr 2017 — Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Se han reportado errores de seguridad de memoria en Firefox 52, Firefox ESR 45.8, Firefox ESR 52 y Thunderbird 52. Algunos de estos errores mostraron... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5441 – Mozilla: Use-after-free with selection during scroll events (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5441
20 Apr 2017 — A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada al mantener una selección durante los eventos de desplazamiento. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5446 – Mozilla: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5446
20 Apr 2017 — An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Lectura fuera de límites cuando una conexión HTTP/2 a un servidor envía frames "DATA" con contenido data erróneo. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 18EXPL: 0CVE-2017-5444 – Mozilla: Buffer overflow while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5444
20 Apr 2017 — A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de desbordamiento de búfer al analizar contenido de formato "application/http-index-format" cuando la cabecera contiene datos formateados incorrectamente. Esto permite la lectura fuera de ... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5460 – Mozilla: Use-after-free in frame selection (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5460
20 Apr 2017 — A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada en la selección de frames desencadenada por una combinación de contenido de script malicioso y pulsaciones de tecla por parte de un usuario. Esto resulta en un cierre inesp... • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5442 – Mozilla: Use-after-free during style changes (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5442
20 Apr 2017 — A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada durante los cambios de estilo al manipular elementos DOM. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2017-5436 – Mozilla: Out-of-bounds write with malicious font in Graphite 2 (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5436
20 Apr 2017 — An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Se desencadena una escritura fuera de límites en la biblioteca Graphite 2 con una fuente Graphite maliciosamente manipulada. • http://www.securityfocus.com/bid/97940 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5432 – Mozilla: Use-after-free in text input selection (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5432
20 Apr 2017 — A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Ocurre una vulnerabilidad de uso de memoria previamente liberada durante determinadas selecciones de entrada de texto que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anterio... • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •