CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7789 – Ubuntu Security Notice USN-3391-1
https://notcve.org/view.php?id=CVE-2017-7789
15 Aug 2017 — If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55. Si un servidor envía dos cabeceras Strict-Transport-Security (STS) para una única conexión, serán rechazadas com inválidas y no se habilitará HTTP Strict Transport Security (HSTS) para la conexión. La vulnerabilidad afecta a Firefox en versiones anteriores a la 55. USN... • http://www.securityfocus.com/bid/100374 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7806 – Ubuntu Security Notice USN-3391-1
https://notcve.org/view.php?id=CVE-2017-7806
15 Aug 2017 — A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando el gestor de capas se liberar demasiado pronto cuando se "renderizar" determinados contenidos SVG, resultando en un cierre inesperado explotable. Esta vulnerabilidad afecta a las versiones anteriores a la 55 de Firefox. USN-33... • http://www.securityfocus.com/bid/100389 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7781 – Ubuntu Security Notice USN-3391-1
https://notcve.org/view.php?id=CVE-2017-7781
15 Aug 2017 — An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55. Ocurre un error en el algoritmo de suma de puntos de curva elíptica que emplea coordenadas mixtas Jacobian-affine que pueden dar como resultado "POINT_... • http://www.securityfocus.com/bid/100383 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7797 – Ubuntu Security Notice USN-3391-1
https://notcve.org/view.php?id=CVE-2017-7797
15 Aug 2017 — Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55. El internamiento de nombres de cabecera de respuesta no tiene protecciones del mismo origen y estas cabeceras se almacenan en un registro global. Esto permite que los nombres de cabecera almacenados estén disponibles mediante Cross-Origin. • http://www.securitytracker.com/id/1039124 • CWE-346: Origin Validation Error •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7799 – Ubuntu Security Notice USN-3391-1
https://notcve.org/view.php?id=CVE-2017-7799
15 Aug 2017 — JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55. No se sanea correctamente el JavaScript en la página "about:webrtc" antes de asignarse a "innerHTML". Los datos en esta página son proporcionados por el uso de WebRTC y no ... • http://www.securityfocus.com/bid/100377 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7809 – Mozilla: Use-after-free while deleting attached editor DOM node (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7809
10 Aug 2017 — A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando un nodo DOM editor se borra de manera prematura durante el salto de árbol cuando aún sigue vinculado al documento. Esto resulta en un cierre inesperado ex... • http://www.securityfocus.com/bid/100203 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 1CVE-2017-7784 – Mozilla: Use-after-free with image observers (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7784
10 Aug 2017 — A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada al leer un observador de imagen durante la reconstrucción de frames una vez se ha liberado el observador. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100202 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7801 – Mozilla: Use-after-free with marquee during window resizing
https://notcve.org/view.php?id=CVE-2017-7801
10 Aug 2017 — A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando vuelve a calcular la disposición del elemento "marquee" durante el reajuste del tamaño de la ventana cuando el objeto estilo ... • http://www.securityfocus.com/bid/100197 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 22EXPL: 1CVE-2017-7791 – Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7791
10 Aug 2017 — On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. En las páginas que contienen un iframe, el protocolo "data:" se puede emplear para crear una alerta modal que se representará sobre dominios arbitrarios siguiendo la navegación, suplantando el origen de la... • http://www.securityfocus.com/bid/100240 • CWE-20: Improper Input Validation CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7802 – Mozilla: Use-after-free resizing image elements (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7802
10 Aug 2017 — A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se manipula el DOM durante el evento de redimensionamiento de un elemento "image". Si ... • http://www.securityfocus.com/bid/100202 • CWE-416: Use After Free •