CVSS: 9.8EPSS: 91%CPEs: 13EXPL: 6CVE-2017-5375 – Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-5375
25 Jan 2017 — JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. La asignación de código JIT puede permitir la omisión de las protecciones ASLR y DEP, lo que conduce a ataques de corrupción de memoria. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. USN-3175... • https://packetstorm.news/files/id/146819 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5293 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5293
03 Jan 2017 — When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. Cuando se ejecuta Mozilla Updater, si el archivo de registro de Updater en el directorio de trabajo señala a un vínculo permanente, los datos pueden anexarse a un archivo local arbitrario... • http://www.securityfocus.com/bid/94336 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2016-5294 – Gentoo Linux Security Advisory 201701-15
https://notcve.org/view.php?id=CVE-2016-5294
03 Jan 2017 — The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Mozilla Updater puede ser forzado a escoger un directorio de trabajo objetivo arbitrario para enviar archivos resultantes del proceso de actualización. • http://www.securityfocus.com/bid/94336 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 1CVE-2016-9905 – Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9905
15 Dec 2016 — A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. Cierre inesperado potencialmente explotable en "EnumerateSubDocuments" al añadir o eliminar subdocumentos. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6. Multiple memory safety issues were discovered in Thunderbird. • http://rhn.redhat.com/errata/RHSA-2016-2946.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1CVE-2016-9898 – Mozilla: Use-after-free in Editor while manipulating DOM subtrees (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9898
14 Dec 2016 — Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Uso de memoria previamente liberada que resulta en un cierre inesperado potencialmente explotable al manipular subárboles DOM en el Editor. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6. Multiple memory ... • http://rhn.redhat.com/errata/RHSA-2016-2946.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 79%CPEs: 22EXPL: 3CVE-2016-9899 – Mozilla Firefox < 50.1.0 - Use-After-Free
https://notcve.org/view.php?id=CVE-2016-9899
14 Dec 2016 — Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Uso de memoria previamente liberada al manipular eventos DOM y eliminar elementos de audio debido a errores en la gestión de la adopción de nodos. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a l... • https://packetstorm.news/files/id/140491 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2016-9893 – Mozilla: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 (MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9893
14 Dec 2016 — Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Se han reportado errores de seguridad de memoria en Thunderbird 45.5. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían ex... • http://rhn.redhat.com/errata/RHSA-2016-2946.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2016-9897 – Mozilla: Memory corruption in libGLES (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9897
14 Dec 2016 — Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Corrupción de memoria que resulta en un cierre inesperado potencialmente explotable durante las funciones de WebGL mediante un constructor de vectores con un array variable en libGLES. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versi... • http://rhn.redhat.com/errata/RHSA-2016-2946.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-9904 – Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9904
14 Dec 2016 — An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Un atacante podría utilizar un ataque de sincronización por JavaScript Map/Set para determinar si un atom está siendo empleado por otro compartimento/zona en determinados contex... • http://rhn.redhat.com/errata/RHSA-2016-2946.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 1CVE-2016-9895 – Mozilla: CSP bypass using marquee tag (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9895
14 Dec 2016 — Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Los gestores de eventos en los elementos "marquee" se ejecutaron a pesar de que existe un CSP (Content Security Policy) estricto que prohibía el JavaScript inline. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbir... • http://rhn.redhat.com/errata/RHSA-2016-2946.html • CWE-254: 7PK - Security Features •