CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7750 – Mozilla: Use-after-free with track elements (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7750
14 Jun 2017 — A use-after-free vulnerability during video control operations when a "
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5472 – Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-5472
14 Jun 2017 — A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en el frameloader durante la reconstrucción de árboles cuando se regenera el diseño CSS al intentar emplear un nodo en el árbol que ya no existe. Esto... • http://www.securityfocus.com/bid/99040 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-7752 – Mozilla: Use-after-free with IME input (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7752
14 Jun 2017 — A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada durante interacciones de usuario específicas con el IME (input method editor) en algunos lenguajes debido a la forma en ... • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7757 – Mozilla: Use-after-free in IndexedDB (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7757
14 Jun 2017 — A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en IndexedDB cuando uno de sus objetos se destruye en la memoria mientras un método se sigue ejecutando dentro. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5453 – Ubuntu Security Notice USN-3260-1
https://notcve.org/view.php?id=CVE-2017-5453
21 Apr 2017 — A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53. Mecanismo para inyectar HTML estático en la página de previsualización del lector RSS debido a un error a la hora de escapar caracteres enviados como parámetros de URL para un elemento "TITLE" de un feed. Esta vulnerabilidad permite la su... • http://www.securityfocus.com/bid/97940 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5467 – Mozilla: Memory corruption when drawing Skia content (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5467
21 Apr 2017 — A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Corrupción de memoria y cierre inesperado potencial al emplear el contenido Skia cuando se dibuja contenido fuera de los límites de una región de recorte. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 52.1 y Firefox en versiones ... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2017-5430 – Mozilla: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5430
21 Apr 2017 — Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Se han reportado errores de seguridad de memoria en Firefox 52, Firefox ESR 52, y Thunderbird 52. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que,... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 1CVE-2017-5451 – Mozilla: Addressbar spoofing with onblur event (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5451
21 Apr 2017 — A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Mecanismo para suplantar la barra de direcciones mediante interacción del usuario en la barra de direcciones y el evento "onblur". El evento podría ser utilizado po... • http://www.securityfocus.com/bid/97940 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5468 – Ubuntu Security Notice USN-3260-1
https://notcve.org/view.php?id=CVE-2017-5468
21 Apr 2017 — An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53. Se ha expuesto un problema con el modelo incorrecto de propiedad de la información "privateBrowsing" mediante las herramientas de desarrollador. Esto puede resultar en un cierre inesperado no explotable cuando se desencadena manualmente durante la depuración. • http://www.securityfocus.com/bid/97940 • CWE-665: Improper Initialization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5458 – Ubuntu Security Notice USN-3260-1
https://notcve.org/view.php?id=CVE-2017-5458
21 Apr 2017 — When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53. Cuando un usuario arrastra y suelta una URL "javascript:" en la barra de direcciones, la URL será procesada y ejecutada. Esto permite que se le aplique ingeniería social a los usuarios para ejecutar un ataque de Cross-Site Scripting (XSS) en ellos mismos. • http://www.securityfocus.com/bid/97940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •