CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
97.8%
Mozilla Foundation reports:
CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
CVE-2019-9816: Type confusion with object groups and UnboxedObjects
CVE-2019-9817: Stealing of cross-domain images using canvas
CVE-2019-9818: Use-after-free in crash generation server
CVE-2019-9819: Compartment mismatch with fetch API
CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
CVE-2019-9821: Use-after-free in AssertWorkerThread
CVE-2019-11691: Use-after-free in XMLHttpRequest
CVE-2019-11692: Use-after-free removing listeners in the event listener manager
CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
CVE-2019-7317: Use-after-free in png_image_free of libpng library
CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
CVE-2019-11695: Custom cursor can render over user interface outside of web content
CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts
CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions
CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
CVE-2019-11700: res: protocol can be used to open known local files
CVE-2019-11699: Incorrect domain name highlighting during page navigation
CVE-2019-11701: webcal: protocol default handler loads vulnerable web page
CVE-2019-9814: Memory safety bugs fixed in Firefox 67
CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | firefox | < 67.0,1 | UNKNOWN |
FreeBSD | any | noarch | waterfox | < 56.2.10 | UNKNOWN |
FreeBSD | any | noarch | seamonkey | < 2.53.0 | UNKNOWN |
FreeBSD | any | noarch | linux-seamonkey | < 2.53.0 | UNKNOWN |
FreeBSD | any | noarch | firefox-esr | < 60.7.0,1 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox | < 60.7.0,2 | UNKNOWN |
FreeBSD | any | noarch | libxul | < 60.7.0 | UNKNOWN |
FreeBSD | any | noarch | thunderbird | < 60.7.0 | UNKNOWN |
FreeBSD | any | noarch | linux-thunderbird | < 60.7.0 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
97.8%