Redhat Enterprise Linux Server Eus vulnerabilities

CVE-2017-5396 [CRITICAL] CWE-416 CVE-2017-5396: A use-after-free vulnerability in the Media Decoder when working with media files when some events a A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

CVE-2017-5442 [CRITICAL] CWE-416 CVE-2017-5442: A use-after-free vulnerability during changes in style when manipulating DOM elements. This results A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-7828 [CRITICAL] CWE-416 CVE-2017-7828: A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

CVE-2017-7818 [CRITICAL] CWE-416 CVE-2017-7818: A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applic A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

CVE-2018-5150 [CRITICAL] CWE-119 CVE-2018-5150: Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of thes Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8

CVE-2017-5433 [CRITICAL] CWE-416 CVE-2017-5433: A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation element A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-5432 [CRITICAL] CWE-416 CVE-2017-5432: A use-after-free vulnerability occurs during certain text input selection resulting in a potentially A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-7758 [CRITICAL] CWE-125 CVE-2017-7758: An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio st An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

CVE-2017-7785 [CRITICAL] CWE-119 CVE-2017-7785: A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attribute A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2018-5154 [CRITICAL] CWE-416 CVE-2018-5154: A use-after-free vulnerability can occur while enumerating attributes during SVG animations with cli A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

CVE-2017-5428 [CRITICAL] CWE-190 CVE-2017-5428: An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for t An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Fir

CVE-2018-5097 [CRITICAL] CWE-416 CVE-2018-5097: A use-after-free vulnerability can occur during XSL transformations when the source document for the A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

CVE-2017-7792 [CRITICAL] CWE-119 CVE-2017-7792: A buffer overflow will occur when viewing a certificate in the certificate manager if the certificat A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2018-5183 [CRITICAL] CWE-119 CVE-2018-5183: Mozilla developers backported selected changes in the Skia library. These changes correct memory cor Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

CVE-2017-5410 [CRITICAL] CWE-119 CVE-2017-5410: Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScri Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

CVE-2017-7810 [CRITICAL] CWE-119 CVE-2017-7810: Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evide Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

CVE-2018-5104 [CRITICAL] CWE-416 CVE-2018-5104: A use-after-free vulnerability can occur during font face manipulation when a font face is freed whi A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

CVE-2017-7793 [CRITICAL] CWE-416 CVE-2017-7793: A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window a A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

CVE-2018-5096 [CRITICAL] CWE-416 CVE-2018-5096: A use-after-free vulnerability can occur while editing events in form elements on a page, resulting A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.

CVE-2017-7802 [CRITICAL] CWE-416 CVE-2017-7802: A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an ima A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.