Redhat Enterprise Linux Server vulnerabilities

CVE-2017-7754 [HIGH] CWE-125 CVE-2017-7754: An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

CVE-2017-5467 [HIGH] CWE-119 CVE-2017-5467: A potential memory corruption and crash when using Skia content when drawing content outside of the A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2018-5129 [HIGH] CWE-787 CVE-2018-5129: A lack of parameter validation on IPC messages results in a potential out-of-bounds write through ma A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

CVE-2018-5144 [HIGH] CWE-190 CVE-2018-5144: An integer overflow can occur during conversion of text to some Unicode character sets due to an unc An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

CVE-2017-7846 [HIGH] CWE-74 CVE-2017-7846: It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e. It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.

CVE-2017-5436 [HIGH] CWE-787 CVE-2017-5436: An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-7814 [HIGH] CWE-20 CVE-2017-7814: File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks th File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firef

CVE-2017-7762 [HIGH] CWE-20 CVE-2017-7762: When entered directly, Reader Mode did not strip the username and password section of URLs displayed When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.

CVE-2017-5449 [HIGH] CWE-20 CVE-2017-5449: A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2016-9905 [HIGH] CWE-284 CVE-2016-9905: A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. T A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.

CVE-2017-5454 [HIGH] CWE-200 CVE-2017-5454: A mechanism to bypass file system access protections in the sandbox to use the file picker to access A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2018-5157 [HIGH] CWE-200 CVE-2018-5157: Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept m Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

CVE-2016-9904 [HIGH] CWE-200 CVE-2016-9904: An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by ano An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

CVE-2018-5127 [HIGH] CWE-119 CVE-2018-5127: A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This res A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

CVE-2018-5178 [HIGH] CWE-119 CVE-2018-5178: A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremel A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

CVE-2018-5146 [HIGH] CWE-787 CVE-2018-5146: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own co An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CVE-2017-7798 [HIGH] CWE-94 CVE-2017-7798: The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.

CVE-2017-7787 [HIGH] CWE-200 CVE-2017-7787: Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, a Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2017-5448 [HIGH] CWE-787 CVE-2017-5448: An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash.

CVE-2017-5378 [HIGH] CWE-200 CVE-2017-5378: Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because a Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.