CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2017-7824 – Mozilla: Buffer overflow when drawing and validating elements with ANGLE (MFSA 2017-22)
https://notcve.org/view.php?id=CVE-2017-7824
29 Sep 2017 — A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Ocurre un desbordamiento de búfer cuando se dibujan y validan elementos con la librería de gráficos ANGLE, utilizado para contenidos WebGL. Esto se debe a que se pasa un valor inco... • http://www.securityfocus.com/bid/101053 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2017-7805 – nss: Potential use-after-free in TLS 1.2 server when verifying client authentication
https://notcve.org/view.php?id=CVE-2017-7805
29 Sep 2017 — During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2017-7810 – Mozilla: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 (MFSA 2017-22)
https://notcve.org/view.php?id=CVE-2017-7810
29 Sep 2017 — Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Se han informado de errores de seguridad de memoria en Firefox 55 y Firefox ESR 52.3. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se ... • http://www.securityfocus.com/bid/101054 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2007-5341
https://notcve.org/view.php?id=CVE-2007-5341
18 Aug 2017 — Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. Existe una vulnerabilidad de ejecución remota de código en el script debugger Venkman en Mozilla Firefox en versiones anteriores a la 2.0.0.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=325761 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7788 – Ubuntu Security Notice USN-3391-1
https://notcve.org/view.php?id=CVE-2017-7788
15 Aug 2017 — When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55. cuando un iframe tiene un atributo "sandbox" y su contenido se especifica mediante "srcdoc", dicho contenido no hereda el CSP (Content Security Policy) de la página que lo contiene, tal y como debería, a no ser que el atributo sa... • http://www.securityfocus.com/bid/100379 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7808 – Ubuntu Security Notice USN-3391-1
https://notcve.org/view.php?id=CVE-2017-7808
15 Aug 2017 — A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55. Una directiva CSP (Content Security Policy) "frame-ancestors" que contiene orígenes con rutas permite comparaciones con dichas rutas en vez de con el origen. Esto resultan en una fuga de información de orígenes cruzados de esta información d... • http://www.securityfocus.com/bid/100373 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7794 – Ubuntu Security Notice USN-3391-1
https://notcve.org/view.php?id=CVE-2017-7794
15 Aug 2017 — On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55. En sistemas Linux, si el proceso content se ve comprometido, el broker del sandbox permitirá el truncado de archivos aunque el sandbox solo tenga explícit... • http://www.securitytracker.com/id/1039124 • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7780 – Ubuntu Security Notice USN-3391-1
https://notcve.org/view.php?id=CVE-2017-7780
15 Aug 2017 — Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55. Se han reportado errores de seguridad de memoria en Firefox 54. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/100199 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 3CVE-2017-7783 – Mozilla Firefox < 55 - Denial of Service
https://notcve.org/view.php?id=CVE-2017-7783
15 Aug 2017 — If a long user name is used in a username/password combination in a site URL (such as " http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55. Si se emplea un nombre de usuario largo en una combinación nombre de usuario/contraseña en una URL de un sitio (como " http://NombreUsuario:Contraseña@ejemplo.com"), el mensaje modal resultante se mantendrá en un estado sin respuesta o se ce... • https://packetstorm.news/files/id/144687 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7789 – Ubuntu Security Notice USN-3391-1
https://notcve.org/view.php?id=CVE-2017-7789
15 Aug 2017 — If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55. Si un servidor envía dos cabeceras Strict-Transport-Security (STS) para una única conexión, serán rechazadas com inválidas y no se habilitará HTTP Strict Transport Security (HSTS) para la conexión. La vulnerabilidad afecta a Firefox en versiones anteriores a la 55. USN... • http://www.securityfocus.com/bid/100374 •