75 matches found
MiracleLinux 4 : firefox-60.7.2-1.0.1.AXS4 (AXSA:2019-3914:03)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3914:03 advisory. Security Fix - CVE-2019-11707, CVE-2019-11708 CVE CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding description block directly from the...
Ubuntu 16.04 LTS / 18.04 LTS : Firefox vulnerability (USN-4032-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4032-1 advisory. It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined...
Mageia: Security Advisory (MGASA-2019-0202)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox Security Advisory (MFSA2019-19) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Exploit for Type Confusion in Mozilla Firefox
Exploit chain for CVE-2019-9791 & CVE-2019-11708 against Firef...
SUSE: Security Advisory (SUSE-SU-2019:1682-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1684-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0017)
The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process...
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2019:1595-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: One vulnerability of Mozzila Firefox (less than Firefox 60.7.2 ESR) has affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF07
Summary Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2019-11708 Vulnerability Details CVEID: CVE-2019-11708 DESCRIPTION: Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...
Exploit for Improper Input Validation in Mozilla Firefox
Full chain exploit for CVE-2019-11708 & CVE-2019-9810 This is...
Oracle Linux 8 : firefox (ELSA-2019-1696)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-1696 advisory. 60.7.2-3.0.2 - Rebuild to pickup Oracle default bookmarks Orabug: 30069264 60.7.2-3.0.1 Add firefox-oracle-default-prefs.js and remove the correspondin...
NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0164)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...
Amazon Linux 2 : thunderbird (ALAS-2019-1250)
libical: Heap buffer over read in icalparser.c parsergetnextchar CVE-2019-11703 libical: Type confusion in icaltimezonegetvtimezoneproperties function in icalproperty.c CVE-2019-11706 Mozilla: Sandbox escape using Prompt:Open CVE-2019-11708 libical: Stack buffer overflow in icalrecuraddbydayrules...
CVE-2019-11708
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...
CVE-2019-11708
CVE-2019-11708 is a sandbox-escape vulnerability in Mozilla Firefox ESR and Thunderbird caused by insufficient vetting of parameters in the Prompt:Open IPC message between child and parent processes, allowing a compromised child to cause the non-sandboxed parent to open web content and potentiall...
CVE-2019-11708
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...
CVE-2019-11708
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...
SUSE-SU-2019:14124-1 Security update for MozillaFirefox
This update for MozillaFirefox to version ESR 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. - CVE-2019-11712:...
Ubuntu: Security Advisory (USN-4045-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...