CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5443 – Mozilla: Out-of-bounds write during BinHex decoding (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5443
20 Apr 2017 — An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de escritura fuera de límites al descodificar archivos de formato BinHex creados incorrectamente. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 45.9, Firefox en versiones anteriores a la 52.1 y Firefox en versiones anteriores a l... • http://www.securityfocus.com/bid/97940 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 45%CPEs: 11EXPL: 1CVE-2017-5428 – Mozilla Firefox createImageBitmap Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5428
17 Mar 2017 — An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1. Se ha informado acerca de un desbordamiento de enteros en "createImageBitmap()" a través del concurso Pwn2Own. • http://rhn.redhat.com/errata/RHSA-2017-0558.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2016-10196 – libevent: Stack-buffer overflow in evutil_parse_sockaddr_port()
https://notcve.org/view.php?id=CVE-2016-10196
13 Mar 2017 — Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. Desbordamiento de búfer en la función evutil_parse_sockaddr_port en evutil.c en libevent en versiones anteriores a 2.1.6-beta permite a atacantes provocar una denegación de servicio (fallo de segmentación) a través de vectores que implican una cadena lar... • http://www.debian.org/security/2017/dsa-3789 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.6EPSS: 0%CPEs: 22EXPL: 1CVE-2017-5405 – Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5405
08 Mar 2017 — Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Ciertos códigos de respuesta en las conexiones FTP pueden resultar en el uso de valores no inicializados para los puertos en las operaciones FTP. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52, Firefox ESR en versiones anteriores a la 45.8, Thunderbird en versiones anteri... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-1187: DEPRECATED: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 64%CPEs: 21EXPL: 2CVE-2017-5404 – Mozilla Firefox - 'table' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-5404
08 Mar 2017 — A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Puede ocurrir un uso de memoria previamente liberada cuando se manipulan rangos en selecciones con un nodo en un árbol nativo anónimo y un nodo fuera de él. Esto resulta en un cierre inesperado potencialmente explot... • https://www.exploit-db.com/exploits/41660 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 1CVE-2017-5410 – Mozilla: Memory corruption during JavaScript garbage collection incremental sweeping (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5410
08 Mar 2017 — Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Corrupción de memoria que resulta en un cierre inesperado potencialmente explotable durante la recolección de elementos JavaScript no utilizados debido a errores en la forma en la que se gestiona el rastreo incremental para la limpieza ... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-5402 – Mozilla: Use-after-free working with events in FontFace objects (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5402
08 Mar 2017 — A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Puede ocurrir un uso de memoria previamente liberada cuando se lanzan eventos para un objeto "FontFace" una vez el objeto ha sido ya destruido mientras se trabaja con fuentes. Esto resulta en un cierre inesperado... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5400 – Mozilla: asm.js JIT-spray bypass of ASLR and DEP (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5400
08 Mar 2017 — JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Un spray JIT que apunta a asm.js combinado con un heap spray permite la omisión de las protecciones ASLR y DEP, lo que conduce a ataques de corrupción de memoria. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52, Firefox ESR en versiones ant... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 1CVE-2017-5407 – Mozilla: Pixel and history stealing via floating-point timing side channel with SVG filters (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5407
08 Mar 2017 — Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Mediante el uso de filtros SVG que no emplean la implementación de matemática de punto fijo en un ifr... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2017-5398 – Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5398
08 Mar 2017 — Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Se han reportado errores de seguridad de memoria en Thunderbird 45.7. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de ... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •