CVE-2018-12405 – Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
https://notcve.org/view.php?id=CVE-2018-12405
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 63 and Firefox ESR 60.3. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/106168 https://access.redhat.com/errata/RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0160 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471 https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html https://security.gentoo.org/glsa/201903-04 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-12391
https://notcve.org/view.php?id=CVE-2018-12391
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. • http://www.securityfocus.com/bid/105718 http://www.securityfocus.com/bid/105769 http://www.securitytracker.com/id/1041944 https://bugzilla.mozilla.org/show_bug.cgi?id=1478843 https://security.gentoo.org/glsa/201811-13 https://www.mozilla.org/security/advisories/mfsa2018-26 https://www.mozilla.org/security/advisories/mfsa2018-27 https://www.mozilla.org/security/advisories/mfsa2018-28 • CWE-863: Incorrect Authorization •
CVE-2018-12389 – Mozilla: Memory safety bugs fixed in Firefox ESR 60.3
https://notcve.org/view.php?id=CVE-2018-12389
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/105723 http://www.securityfocus.com/bid/105769 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://access.redhat.com/errata/RHSA-2018:3531 https://access.redhat.com/errata/RHSA-2018:3532 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://lists.debian.org/debian • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-12390 – Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
https://notcve.org/view.php?id=CVE-2018-12390
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 62 y Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/105718 http://www.securityfocus.com/bid/105769 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://access.redhat.com/errata/RHSA-2018:3531 https://access.redhat.com/errata/RHSA-2018:3532 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-12393 – Mozilla: Integer overflow during Unicode conversion while loading JavaScript
https://notcve.org/view.php?id=CVE-2018-12393
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Se ha encontrado una vulnerabilidad potencial en los builds de 32 bit en la que un desbordamiento de enteros durante la conversión de scripts en una representación UTF-16 interna podría conducir a la asignación de un búfer demasiado pequeño para dicha conversión. • http://www.securityfocus.com/bid/105718 http://www.securityfocus.com/bid/105769 http://www.securitytracker.com/id/1041944 https://access.redhat.com/errata/RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3006 https://access.redhat.com/errata/RHSA-2018:3531 https://access.redhat.com/errata/RHSA-2018:3532 https://bugzilla.mozilla.org/show_bug.cgi?id=1495011 https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html https://lists.debian.org/debian-lts-announ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •