CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-12375 – Ubuntu Security Notice USN-3761-1
https://notcve.org/view.php?id=CVE-2018-12375
07 Sep 2018 — Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62. Hay errores de seguridad de memoria en Firefox 61. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/105276 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 1CVE-2018-12383 – Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
https://notcve.org/view.php?id=CVE-2018-12383
07 Sep 2018 — If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. • http://www.securityfocus.com/bid/105276 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-12378 – Mozilla: Use-after-free in IndexedDB
https://notcve.org/view.php?id=CVE-2018-12378
07 Sep 2018 — A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando un índice IndexedDB se elimina mientras sigue en uso por parte de código JavaScript que está proporcionando valores de carga útil para q... • http://www.securityfocus.com/bid/105280 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-12371 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-12371
05 Jul 2018 — An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. Una vulnerabilidad de desbordamiento de enteros en la biblioteca Skia al asignar memoria para constructores de bordes en algunos sistemas con al menos 16 GB de RAM. Esto resulta en el uso de memo... • https://bugzilla.mozilla.org/show_bug.cgi?id=1465686 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-12370 – Ubuntu Security Notice USN-3705-1
https://notcve.org/view.php?id=CVE-2018-12370
05 Jul 2018 — In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61. En Reader View, las protecciones de la cookie SameSite no se comprueban al salir. Esto permite que se desencadene una carga útil cuando se sale de Reader View si se carga desde un sitio malicioso cuando el modo Reader está activo, omitiendo las... • http://www.securitytracker.com/id/1041193 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5187 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-5187
05 Jul 2018 — Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60 y Firefox ESR 60. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían e... • http://www.securityfocus.com/bid/104556 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2018-5186 – Ubuntu Security Notice USN-3705-1
https://notcve.org/view.php?id=CVE-2018-5186
05 Jul 2018 — Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61. Hay errores de seguridad de memoria en Firefox 60. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/104557 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-12358 – Ubuntu Security Notice USN-3705-1
https://notcve.org/view.php?id=CVE-2018-12358
05 Jul 2018 — Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61. Los trabajadores del servicio pueden emplear redirecciones para evitar la corrupción de recursos cross-origin en algunas instancias, lo que permite que un sitio malicioso lea respuestas que deberían ser opacas. La vulnerabilidad afecta a Firefox en versiones anteriores a la 61. Multiple sec... • http://www.securitytracker.com/id/1041193 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-12361 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-12361
05 Jul 2018 — An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. Puede ocurrir un desbordamiento de enteros en el código SwizzleData al calcular tamaños de búfer. El valor desbordado se emplea para posteriores cálculos de gráficos cuando sus entradas no se... • http://www.securityfocus.com/bid/104558 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 0CVE-2018-12367 – Gentoo Linux Security Advisory 201811-13
https://notcve.org/view.php?id=CVE-2018-12367
05 Jul 2018 — In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. En las mitigaciones anteriores para Spectre, la resolución o precisión de varios métodos se redujo para contrarrestar la capacidad de medir intervalo... • http://www.securityfocus.com/bid/104561 • CWE-20: Improper Input Validation •