Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2017-7754 An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | N/A | NONE | β | 0 |
| CVE-2017-7755 The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with ele... | N/A | NONE | β | 0 |
| CVE-2017-7756 A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefo... | N/A | NONE | β | 0 |
| CVE-2017-7757 A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerabi... | N/A | NONE | β | 0 |
| CVE-2017-7758 An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.... | N/A | NONE | β | 0 |
| CVE-2025-43470 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator. | 5.5 | MEDIUM | β | 0 |
| CVE-2017-7760 The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a... | N/A | NONE | β | 0 |
| CVE-2017-7761 The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), pr... | N/A | NONE | β | 0 |
| CVE-2017-7763 Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS ... | N/A | NONE | β | 0 |
| CVE-2017-7764 Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for dom... | N/A | NONE | β | 0 |
| CVE-2023-40900 Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-7765 The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays... | N/A | NONE | β | 0 |
| CVE-2017-7766 An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and ... | N/A | NONE | β | 0 |
| CVE-2017-7767 The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileg... | N/A | NONE | β | 0 |
| CVE-2017-7768 The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by... | N/A | NONE | β | 0 |
| CVE-2017-7778 A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Grap... | N/A | NONE | β | 0 |
| CVE-2017-7779 Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of thes... | N/A | NONE | β | 0 |
| CVE-2017-7782 An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating syst... | N/A | NONE | β | 0 |
| CVE-2017-7785 A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunde... | N/A | NONE | β | 0 |
| CVE-2017-7791 On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert fro... | N/A | NONE | β | 0 |
| CVE-2017-7792 A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. Th... | N/A | NONE | β | 0 |
| CVE-2017-7793 A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects... | N/A | NONE | β | 0 |
| CVE-2017-7798 The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when openi... | N/A | NONE | β | 0 |
| CVE-2017-7800 A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulner... | N/A | NONE | β | 0 |
| CVE-2017-7801 A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentia... | N/A | NONE | β | 0 |
| CVE-2017-7802 A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially expl... | N/A | NONE | β | 0 |
| CVE-2017-7803 When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbir... | N/A | NONE | β | 0 |
| CVE-2017-7804 The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in... | N/A | NONE | β | 0 |
| CVE-2017-7807 A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest... | N/A | NONE | β | 0 |
| CVE-2017-7809 A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This v... | N/A | NONE | β | 0 |
| CVE-2017-7810 Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploite... | N/A | NONE | β | 0 |
| CVE-2017-7814 File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. ... | N/A | NONE | β | 0 |
| CVE-2017-7818 A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable ... | N/A | NONE | β | 0 |
| CVE-2017-7819 A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable ... | N/A | NONE | β | 0 |
| CVE-2017-7823 The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allo... | N/A | NONE | β | 0 |
| CVE-2017-7824 A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks a... | N/A | NONE | β | 0 |
| CVE-2017-7825 Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only ... | N/A | NONE | β | 0 |
| CVE-2017-7826 Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploite... | N/A | NONE | β | 0 |
| CVE-2017-7828 A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during the... | N/A | NONE | β | 0 |
| CVE-2025-3526 SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parame... | 7.5 | HIGH | β | 0 |
| CVE-2017-7830 The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affe... | N/A | NONE | β | 0 |
| CVE-2017-7843 When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode an... | N/A | NONE | β | 0 |
| CVE-2017-7845 A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the libra... | N/A | NONE | β | 0 |
| CVE-2018-5089 Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploite... | N/A | NONE | β | 0 |
| CVE-2018-5091 A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6... | N/A | NONE | β | 0 |
| CVE-2018-5103 A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < ... | N/A | NONE | β | 0 |
| CVE-2018-5095 An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in ... | N/A | NONE | β | 0 |
| CVE-2018-5096 A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < ... | N/A | NONE | β | 0 |
| CVE-2018-5097 A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potent... | N/A | NONE | β | 0 |
| CVE-2018-5098 A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects ... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.