CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 1CVE-2017-7787 – Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7787
10 Aug 2017 — Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Las protecciones de política del mismo origen se pueden omitir en páginas con iframes embebidos durante la recarga de páginas, lo que permite que los iframes accedan a contenido en la página de nivel más alto, lo que conduce a una ... • http://www.securityfocus.com/bid/100234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 1CVE-2017-7803 – Mozilla: CSP directives improperly applied with sandbox flag in iframes (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7803
10 Aug 2017 — When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Cuando la cabecera CSP (Content Security Policy) de una página contiene una directiva "sandbox", se ignoran otras directivas. Esto resulta en el cumplimiento incorrecto de CSP. • http://www.securityfocus.com/bid/100234 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 1CVE-2017-7785 – Mozilla: Buffer overflow manipulating ARIA elements in DOM (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7785
10 Aug 2017 — A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir un desbordamiento de búfer al manipular atributos ARIA (Accessible Rich Internet Applications) en el DOM. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7800 – Mozilla: Use-after-free in WebSockets during disconnection (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7800
10 Aug 2017 — A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada en WebSockets cuando el objeto que mantiene la conexión se libera antes de que concluya la operación de desconexión. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/100196 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5471 – Ubuntu Security Notice USN-3315-1
https://notcve.org/view.php?id=CVE-2017-5471
15 Jun 2017 — Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54. Se han reportado errores de seguridad de memoria en Firefox 53. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/99042 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2017-7762 – Mozilla: address bar username and password spoofing in reader mode
https://notcve.org/view.php?id=CVE-2017-7762
15 Jun 2017 — When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54. Al acceder a él directamente, Reader Mode no eliminó la sección de nombre de usuario y contraseña de las URL mostradas en la barra de direcciones. Esto puede emplearse para suplantar el dominio de la página actual. • http://www.securityfocus.com/bid/99047 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7776 – graphite2: heap-buffer-overflow read "graphite2::Silf::getClassGlyph"
https://notcve.org/view.php?id=CVE-2017-7776
14 Jun 2017 — Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a un desbordamiento de búfer de lectura basado en memoria dinámica en graphite2::Silf::getClassGlyph. An out of bounds read flaw related to "graphite2::Silf::getClassGlyph" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. ... • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5472 – Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-5472
14 Jun 2017 — A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en el frameloader durante la reconstrucción de árboles cuando se regenera el diseño CSS al intentar emplear un nodo en el árbol que ya no existe. Esto... • http://www.securityfocus.com/bid/99040 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7771 – graphite2: out of bounds read in "graphite2::Pass::readPass"
https://notcve.org/view.php?id=CVE-2017-7771
14 Jun 2017 — Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. Lectura fuera de límites en la librería Graphite2 para versiones de Firefox anteriores a la 54 en la función graphite2::Pass::readPass. An out of bounds read flaw related to "graphite2::Pass::readPass" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. Multiple security issues were discovered in Firefox. • https://bugzilla.redhat.com/show_bug.cgi?id=1472212 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7772 – graphite2: heap-buffer-overflow write "lz4::decompress" (CVE-2017-7772)
https://notcve.org/view.php?id=CVE-2017-7772
14 Jun 2017 — Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. Desbordamiento de búfer basado en memoria dinámica (heap) en Graphinte2 en versiones de Firefox anteriores a la 54 en lz4::decompress function. A heap-based buffer overflow flaw related to "lz4::decompress" has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. Multiple security issues were discovered in Firefox. • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •