News aggregator

CVE-2018-5092

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.
Categories: Security News

CVE-2018-5093

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
Categories: Security News

CVE-2018-5094

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.
Categories: Security News

CVE-2018-5095

National Vulnerability Database - Mon, 06/11/2018 - 17:29
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Categories: Security News

CVE-2018-5096

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.
Categories: Security News

CVE-2018-5097

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Categories: Security News

CVE-2018-5098

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Categories: Security News

CVE-2018-5099

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Categories: Security News

CVE-2018-5100

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.
Categories: Security News

CVE-2018-5101

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
Categories: Security News

CVE-2018-5102

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Categories: Security News

CVE-2018-5103

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Categories: Security News

CVE-2018-5104

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Categories: Security News

CVE-2017-7823

National Vulnerability Database - Mon, 06/11/2018 - 17:29
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Categories: Security News

CVE-2017-7824

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Categories: Security News

CVE-2017-7825

National Vulnerability Database - Mon, 06/11/2018 - 17:29
Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Categories: Security News

CVE-2017-7826

National Vulnerability Database - Mon, 06/11/2018 - 17:29
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Categories: Security News

CVE-2017-7827

National Vulnerability Database - Mon, 06/11/2018 - 17:29
Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57.
Categories: Security News

CVE-2017-7828

National Vulnerability Database - Mon, 06/11/2018 - 17:29
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Categories: Security News

CVE-2017-7829

National Vulnerability Database - Mon, 06/11/2018 - 17:29
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
Categories: Security News

Pages