CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2017-5469 – Mozilla: Potential Buffer overflow in flex-generated code (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5469
20 Apr 2017 — Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Se han solucionado potenciales desbordamientos de búfer en el código Firefox generado debido a un problema CVE-2016-6354 en Flex. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.1, Firefox ESR en versiones anteriores a la 45.9, Firefox en versiones anteriores a la 52.1 y Firefox en versio... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 43%CPEs: 17EXPL: 0CVE-2017-5448 – Mozilla Firefox ClearKeyDecryptor Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5448
20 Apr 2017 — An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Escritura fuera de límites en "ClearKeyDecryptor" mientras se descodifi... • http://www.securityfocus.com/bid/97940 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5440 – Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5440
20 Apr 2017 — A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada durante el procesamiento XSLT debido al error para propagar condiciones de error durante el proceso de b... • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2017-5464 – Mozilla: Memory corruption with accessibility and DOM manipulation (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5464
20 Apr 2017 — During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Durante la manipulación DOM del árbol de accesibilidad mediante scripts, el árbol DOM puede desincronizarse con el árbol de accesibilidad, lo que conduce a una corrupción de memoria y a un cierre inesperado po... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5445 – Mozilla: Uninitialized values used while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5445
20 Apr 2017 — A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad al analizar contenido de formato "application/http-index-format" en el que se emplean variables no inicializadas para crear un array. Esto podría permitir la lectura de memoria no ... • http://www.securityfocus.com/bid/97940 • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5429 – Mozilla: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5429
20 Apr 2017 — Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Se han reportado errores de seguridad de memoria en Firefox 52, Firefox ESR 45.8, Firefox ESR 52 y Thunderbird 52. Algunos de estos errores mostraron... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5441 – Mozilla: Use-after-free with selection during scroll events (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5441
20 Apr 2017 — A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada al mantener una selección durante los eventos de desplazamiento. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5446 – Mozilla: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5446
20 Apr 2017 — An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Lectura fuera de límites cuando una conexión HTTP/2 a un servidor envía frames "DATA" con contenido data erróneo. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/97940 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 18EXPL: 0CVE-2017-5444 – Mozilla: Buffer overflow while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5444
20 Apr 2017 — A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de desbordamiento de búfer al analizar contenido de formato "application/http-index-format" cuando la cabecera contiene datos formateados incorrectamente. Esto permite la lectura fuera de ... • http://www.securityfocus.com/bid/97940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2017-5460 – Mozilla: Use-after-free in frame selection (MFSA 2017-11, MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5460
20 Apr 2017 — A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Vulnerabilidad de uso de memoria previamente liberada en la selección de frames desencadenada por una combinación de contenido de script malicioso y pulsaciones de tecla por parte de un usuario. Esto resulta en un cierre inesp... • http://www.securityfocus.com/bid/97940 • CWE-416: Use After Free •