CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2018-5157 – Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files
https://notcve.org/view.php?id=CVE-2018-5157
11 May 2018 — Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. Las protecciones del mismo origen para el visor de PDF pueden omitirse, lo que permite que un sitio malicioso intercepte los mensajes destinados al visor. Esto podría permitir que el sitio recupere... • http://www.securityfocus.com/bid/104136 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 39%CPEs: 21EXPL: 2CVE-2018-5159 – Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2018-5159
11 May 2018 — An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Puede ocurrir un desbordamiento de enteros en la biblioteca Skia debido al uso de números enteros de 32 bits en un array sin verificaciones de desbordamiento d... • https://packetstorm.news/files/id/147843 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 1%CPEs: 21EXPL: 0CVE-2018-5168 – Mozilla: Lightweight themes can be installed without user interaction
https://notcve.org/view.php?id=CVE-2018-5168
11 May 2018 — Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Los sitios pueden omitir las comprobaciones de seguridad de los permisos para instalar temas ligeros manipulando la propiedad "baseU... • http://www.securityfocus.com/bid/104136 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 50%CPEs: 19EXPL: 2CVE-2018-5158 – pdf.js < 2.0.943 - Authenticated (Author+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5158
11 May 2018 — The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. El visor de PDF no sanea suficientemente las funciones de la calculadora PostScript, lo que permite inyectar JavaScript malicioso a través de un archivo PDF manipulado. Este JavaScript puede ser ejecutado por s... • https://github.com/ppcrab/CVE-2018-5158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.8EPSS: 4%CPEs: 15EXPL: 0CVE-2018-5148 – firefox: Use-after-free in compositor potentially allows code execution
https://notcve.org/view.php?id=CVE-2018-5148
28 Mar 2018 — A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada en el compositor durante determinadas operaciones de gráficos cuando un puntero raw se utiliza en vez de una de conteo de referencias. Esto resulta en un cierre ine... • http://www.securityfocus.com/bid/103506 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 1%CPEs: 5EXPL: 0CVE-2017-7825 – Gentoo Linux Security Advisory 201803-14
https://notcve.org/view.php?id=CVE-2017-7825
28 Mar 2018 — Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. • http://www.securityfocus.com/bid/101059 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2018-5147 – Debian Security Advisory 4141-1
https://notcve.org/view.php?id=CVE-2018-5147
16 Mar 2018 — The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1. La librería libtremor tiene el mismo fallo que CVE-2018-5146. Esta librería es usada por Firefox en lugar de libvorbis en plataformas Android y ARM. • http://www.securityfocus.com/bid/103432 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 17%CPEs: 22EXPL: 1CVE-2018-5146 – Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5146
16 Mar 2018 — An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. Una escritura de memoria fuera de límites mientras se procesaban los datos de audio de Vorbis fue reportada a través de la competición Pwn2Own. Esta vulnerabilidad afecta a las versiones anteriores a la 59.0.1 de Firefox, las versiones anteriores a la 52.7.2 de Firefox ESR y las versiones anteriores a la 52.7 de ... • https://github.com/f01965/CVE-2018-5146 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 15EXPL: 0CVE-2018-5125 – Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5125
14 Mar 2018 — Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Se han informado de errores de seguridad de memoria en Firefox 58 y Firefox ESR 52.6. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se ... • http://www.securityfocus.com/bid/103388 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2018-5126 – Ubuntu Security Notice USN-3596-2
https://notcve.org/view.php?id=CVE-2018-5126
14 Mar 2018 — Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59. Se han informado de errores de seguridad de memoria en Firefox 58. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/103386 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •