CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7774 – graphite2: out of bounds read "graphite2::Silf::readGraphite"
https://notcve.org/view.php?id=CVE-2017-7774
14 Jun 2017 — Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a una lectura fuera de límites en la función graphite2::Silf::readGraphite. An out of bounds read flaw related to "graphite2::Silf::readGraphite" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. Multiple security issues were di... • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7777 – graphite2: use of uninitialized memory "graphite2::GlyphCache::Loader::read_glyph"
https://notcve.org/view.php?id=CVE-2017-7777
14 Jun 2017 — Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. La librería Graphite2, en versiones de Firefox anteriores a la 54, es vulnerable a un uso de memoria no inicializada en la función graphite2::GlyphCache::Loader::read_glyph. The use of uninitialized memory related to "graphite2::GlyphCache::Loader::read_glyph" has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an applicat... • https://www.mozilla.org/en-US/security/advisories/mfsa2017-15 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-456: Missing Initialization of a Variable •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5470 – Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-5470
14 Jun 2017 — Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Se han reportado errores de seguridad de memoria en Firefox 53 y Firefox ESR 52.1. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, a... • http://www.securityfocus.com/bid/99041 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 6EXPL: 0CVE-2017-7778 – Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7778
14 Jun 2017 — A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Hay una serie de vulnerabilidades de seguridad en la biblioteca Graphite 2, incluyendo lecturas fuera de límites, lecturas y escrituras por desbordamiento de búfer y el uso de memoria no inicializada. Est... • http://www.securityfocus.com/bid/99057 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-7749 – Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7749
14 Jun 2017 — A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada al emplear una URL incorrecta durante la recarga de un docshell. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-7752 – Mozilla: Use-after-free with IME input (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7752
14 Jun 2017 — A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada durante interacciones de usuario específicas con el IME (input method editor) en algunos lenguajes debido a la forma en ... • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5458 – Ubuntu Security Notice USN-3260-1
https://notcve.org/view.php?id=CVE-2017-5458
21 Apr 2017 — When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53. Cuando un usuario arrastra y suelta una URL "javascript:" en la barra de direcciones, la URL será procesada y ejecutada. Esto permite que se le aplique ingeniería social a los usuarios para ejecutar un ataque de Cross-Site Scripting (XSS) en ellos mismos. • http://www.securityfocus.com/bid/97940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2017-5430 – Mozilla: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5430
21 Apr 2017 — Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Se han reportado errores de seguridad de memoria en Firefox 52, Firefox ESR 52, y Thunderbird 52. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que,... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1CVE-2017-5456 – Mozilla: Sandbox escape allowing local file system read access (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5456
21 Apr 2017 — A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. Mecanismo para omitir las protecciones de acceso al sistema de archivos en el sandbox mediante el constructor de peticiones al sistema de archivos mediante un mensaje IPC. Esto permite acceso de lectura y escritura al sistema de archivos local. • http://www.securityfocus.com/bid/97940 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2017-5455 – Mozilla: Sandbox escape through internal feed reader APIs (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5455
21 Apr 2017 — The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. Las API del lector de feeds interno que cruzaron la barrera del sandbox permitieron un escape del sandbox y un escalado de privilegios si se combinaban con otra vulnerabilidad que resultaba en la ejecución remota de códi... • http://www.securityfocus.com/bid/97940 •