CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2017-5449 – Mozilla: Crash during bidirectional unicode manipulation with animation (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5449
20 Apr 2017 — A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Cierre inesperado posiblemente explotable desencadenado durante el diseño y manipulación de texto unicode bidireccional junto con animaciones CSS. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 52.1 y Firefox en versiones anter... • http://www.securityfocus.com/bid/97940 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 20%CPEs: 16EXPL: 1CVE-2017-5459 – Mozilla: Buffer overflow in WebGL (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5459
20 Apr 2017 — A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Desbordamiento de búfer en WebGL desencadenable por el contenido web, lo que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 45.9, Firefox en versiones anteriores a la 52.1 y Firef... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-5460 – Mozilla: Use-after-free in frame selection (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5460
20 Apr 2017 — A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada en la selección de frames desencadenada por una combinación de contenido de script malicioso y pulsaciones de tecla por parte de un usuario. Esto resulta en un cierre inesp... • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 1%CPEs: 6EXPL: 0CVE-2017-5462 – Gentoo Linux Security Advisory 201705-04
https://notcve.org/view.php?id=CVE-2017-5462
20 Apr 2017 — A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Error en la generación de números DRBG en la biblioteca Network Security Services (NSS) cuando el V de estado interno no tra... • http://www.securityfocus.com/bid/97940 • CWE-682: Incorrect Calculation •
CVSS: 9.1EPSS: 19%CPEs: 18EXPL: 3CVE-2017-5465 – Mozilla Firefox < 53 - 'ConvolvePixel' Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-5465
20 Apr 2017 — An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Lectura fuera de límites al procesar contenido SVG en "ConvolvePixel". Esto resulta en un cierre inesperado y también permite que memoria normalmente inaccesible se copie en contenido gráfico SVG... • https://packetstorm.news/files/id/142670 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 9%CPEs: 18EXPL: 0CVE-2017-5469 – Mozilla: Potential Buffer overflow in flex-generated code (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5469
20 Apr 2017 — Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Se han solucionado potenciales desbordamientos de búfer en el código Firefox generado debido a un problema CVE-2016-6354 en Flex. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 45.9, Firefox en versiones anteriores a la 52.1 y Firefox en versio... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 11EXPL: 1CVE-2017-5428 – Mozilla Firefox createImageBitmap Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5428
17 Mar 2017 — An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1. Se ha informado acerca de un desbordamiento de enteros en "createImageBitmap()" a través del concurso Pwn2Own. • http://rhn.redhat.com/errata/RHSA-2017-0558.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2016-10196 – libevent: Stack-buffer overflow in evutil_parse_sockaddr_port()
https://notcve.org/view.php?id=CVE-2016-10196
13 Mar 2017 — Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. Desbordamiento de búfer en la función evutil_parse_sockaddr_port en evutil.c en libevent en versiones anteriores a 2.1.6-beta permite a atacantes provocar una denegación de servicio (fallo de segmentación) a través de vectores que implican una cadena lar... • http://www.debian.org/security/2017/dsa-3789 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 2%CPEs: 20EXPL: 0CVE-2017-5398 – Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5398
08 Mar 2017 — Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Se han reportado errores de seguridad de memoria en Thunderbird 45.7. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de ... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0CVE-2017-5400 – Mozilla: asm.js JIT-spray bypass of ASLR and DEP (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5400
08 Mar 2017 — JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Un spray JIT que apunta a asm.js combinado con un heap spray permite la omisión de las protecciones ASLR y DEP, lo que conduce a ataques de corrupción de memoria. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52, Firefox ESR en versiones ant... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •