CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 1CVE-2017-7758 – Mozilla: Out-of-bounds read in Opus encoder (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7758
14 Jun 2017 — An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de lectura fuera de límites en el codificador Opus cuando el número de canales en una transmisión de audio cambia mientras el codificador sigue en uso. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Th... • http://www.securityfocus.com/bid/99057 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7776 – graphite2: heap-buffer-overflow read "graphite2::Silf::getClassGlyph"
https://notcve.org/view.php?id=CVE-2017-7776
14 Jun 2017 — Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a un desbordamiento de búfer de lectura basado en memoria dinámica en graphite2::Silf::getClassGlyph. An out of bounds read flaw related to "graphite2::Silf::getClassGlyph" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. ... • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7771 – graphite2: out of bounds read in "graphite2::Pass::readPass"
https://notcve.org/view.php?id=CVE-2017-7771
14 Jun 2017 — Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. Lectura fuera de límites en la librería Graphite2 para versiones de Firefox anteriores a la 54 en la función graphite2::Pass::readPass. An out of bounds read flaw related to "graphite2::Pass::readPass" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. Multiple security issues were discovered in Firefox. • https://bugzilla.redhat.com/show_bug.cgi?id=1472212 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7774 – graphite2: out of bounds read "graphite2::Silf::readGraphite"
https://notcve.org/view.php?id=CVE-2017-7774
14 Jun 2017 — Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a una lectura fuera de límites en la función graphite2::Silf::readGraphite. An out of bounds read flaw related to "graphite2::Silf::readGraphite" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. Multiple security issues were di... • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7773 – graphite2: heap-buffer-overflow write "lz4::decompress" (src/Decompressor)
https://notcve.org/view.php?id=CVE-2017-7773
14 Jun 2017 — Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a un desbordamiento de búfer de escritura basado en memoria dinámica en lz4::decompress src/Decompressor. A heap-based buffer overflow flaw related to "lz4::decompress" (src/Decompressor) has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. Multipl... • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1CVE-2017-7764 – Mozilla: Domain spoofing with combination of Canadian Syllabics and other unicode blocks (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7764
14 Jun 2017 — Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 1... • http://www.securityfocus.com/bid/99057 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7751 – Mozilla: Use-after-free with content viewer listeners (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7751
14 Jun 2017 — A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en los escuchadores del visor de contenido que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la ... • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7777 – graphite2: use of uninitialized memory "graphite2::GlyphCache::Loader::read_glyph"
https://notcve.org/view.php?id=CVE-2017-7777
14 Jun 2017 — Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a un uso de memoria no inicializada en la función graphite2::GlyphCache::Loader::read_glyph. The use of uninitialized memory related to "graphite2::GlyphCache::Loader::read_glyph" has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an applicat... • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-456: Missing Initialization of a Variable •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7754 – Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7754
14 Jun 2017 — An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Lectura fuera de límites en WebGL con un objeto "ImageInfo" maliciosamente manipulado durante las operaciones WebGL. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la 52.2. Multiple security issues were discovered in F... • http://www.securityfocus.com/bid/99057 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7756 – Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7756
14 Jun 2017 — A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada y "use-after-scope" al registrar errores de las cabeceras XHR (XML HTTP Request). Esto podría resultar en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •