CVSS: 9.8EPSS: 5%CPEs: 21EXPL: 1CVE-2017-5401 – Mozilla: Memory Corruption when handling ErrorResult (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5401
08 Mar 2017 — A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Un cierre inesperado desencadenable mediante contenido web en el que un "ErrorResult" referencia memoria no asignada debido a un error de lógica. El cierre inesperado resultante podría ser explotado. • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-388: 7PK - Errors •
CVSS: 9.8EPSS: 5%CPEs: 21EXPL: 0CVE-2017-5402 – Mozilla: Use-after-free working with events in FontFace objects (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5402
08 Mar 2017 — A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Puede ocurrir un uso de memoria previamente liberada cuando se lanzan eventos para un objeto "FontFace" una vez el objeto ha sido ya destruido mientras se trabaja con fuentes. Esto resulta en un cierre inesperado... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2017-5403 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5403
08 Mar 2017 — When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52. Al añadir un rango a un objeto en el DOM, es posible utilizar "addRange" para añadir el rango a un objeto root incorrecto. Esto desencadena un uso de memoria previamente liberada, lo que resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/96691 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 31%CPEs: 21EXPL: 2CVE-2017-5404 – Mozilla Firefox - 'table' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-5404
08 Mar 2017 — A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Puede ocurrir un uso de memoria previamente liberada cuando se manipulan rangos en selecciones con un nodo en un árbol nativo anónimo y un nodo fuera de él. Esto resulta en un cierre inesperado potencialmente explot... • https://www.exploit-db.com/exploits/41660 • CWE-416: Use After Free •
CVSS: 5.6EPSS: 2%CPEs: 22EXPL: 1CVE-2017-5405 – Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5405
08 Mar 2017 — Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Ciertos códigos de respuesta en las conexiones FTP pueden resultar en el uso de valores no inicializados para los puertos en las operaciones FTP. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52, Firefox ESR en versiones anteriores a la 45.8, Thunderbird en versiones anteri... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-1187: DEPRECATED: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 1CVE-2017-5406 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5406
08 Mar 2017 — A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52. Puede ocurrir un fallo de segmentación en la biblioteca de gráficos Skia durante algunas operaciones canvas debido a problemas con la intersección de máscaras/clips y las máscaras vacías. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 52.... • http://www.securityfocus.com/bid/96692 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 22EXPL: 1CVE-2017-5407 – Mozilla: Pixel and history stealing via floating-point timing side channel with SVG filters (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5407
08 Mar 2017 — Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Mediante el uso de filtros SVG que no emplean la implementación de matemática de punto fijo en un ifr... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 21EXPL: 1CVE-2017-5408 – Mozilla: Cross-origin reading of video captions in violation of CORS (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5408
08 Mar 2017 — Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Los archivos de vídeo cargaron capturas de vídeo Cross-Origin sin comprobar la presencia de cabeceras CORS que permiten tal uso de Cross-Origin, lo que conduce a una potencial divulgación de información para captur... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 6%CPEs: 21EXPL: 1CVE-2017-5410 – Mozilla: Memory corruption during JavaScript garbage collection incremental sweeping (MFSA 2017-06)
https://notcve.org/view.php?id=CVE-2017-5410
08 Mar 2017 — Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Corrupción de memoria que resulta en un cierre inesperado potencialmente explotable durante la recolección de elementos JavaScript no utilizados debido a errores en la forma en la que se gestiona el rastreo incremental para la limpieza ... • http://rhn.redhat.com/errata/RHSA-2017-0459.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5412 – Ubuntu Security Notice USN-3216-1
https://notcve.org/view.php?id=CVE-2017-5412
08 Mar 2017 — A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52. Lectura por desbordamiento de búfer durante las operaciones de valor de color de filtrado SVG, lo que resulta en una exposición de datos. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 52. USN-3216-1 fixed vulnerabilities in Firefox. • http://www.securityfocus.com/bid/96692 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •