Log

CVE-2017-5396 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability has been found in the Media Decoder of Firefox < 51 and Thunderbird < 45.7. It occurs when working with media files if some events are fired after the media elements are freed from memory.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5396
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1329403
Notes
CVE-2017-5398 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs, some of them leading to memory corruption issues, have been found in Firefox < 52 and Thunderbird < 45.8.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510
Notes
CVE-2017-5399 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs, some of them leading to memory corruption issues, have been found in Firefox < 52.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5399
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332569%2C1315248%2C1261335%2C1321038%2C1331771%2C1339566%2C1339591%2C1240893%2C1341905%2C1323241%2C1336467%2C1270288%2C1295299%2C1296024%2C1304201%2C1306142%2C1307557%2C1308036%2C1334246%2C1334290%2C1317085%2C1339116%2C1324000%2C1323150%2C1332501%2C1320894%2C1333752%2C1303713%2C1321566%2C1264053%2C1343513
Notes
CVE-2017-5400 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1334933
Notes
CVE-2017-5401 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1328861
Notes
CVE-2017-5402 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free can occur when events are fired for a FontFace object after the object has already been destroyed while working with fonts.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1334876
Notes
CVE-2017-5403 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1340186
Notes
CVE-2017-5404 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1340138
Notes
CVE-2017-5405 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Content spoofing
Description
+ Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1336699
Notes
CVE-2017-5406 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5406
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1306890
Notes