Lucene search
K

15 matches found

Prion
Prion
added 2020/01/08 9:15 p.m.21 views

Memory corruption

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefo...

6.8CVSS8.8AI score0.0146EPSS
Exploits1References6Affected Software4
RedhatCVE
RedhatCVE
added 2020/01/04 9:52 p.m.29 views

CVE-2019-11764

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefo...

8.8CVSS3.1AI score0.0146EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2019/10/23 12:0 a.m.37 views

CVE-2019-11764

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefo...

8.8CVSS7.3AI score0.0146EPSS
Exploits1References5
Mozilla
Mozilla
added 2019/10/22 12:0 a.m.48 views

Security vulnerabilities fixed in - Thunderbird 68.2 — Mozilla

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read. When following the value's prototype chain, it...

8.8CVSS1.1AI score0.06643EPSS
Exploits2References9Affected Software1
NVD
NVD
added 2019/09/27 6:15 p.m.20 views

CVE-2019-11750

A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox 69 and Firefox ESR 68.1...

6.5CVSS6.1AI score0.01262EPSS
Exploits0References5
NVD
NVD
added 2019/09/27 6:15 p.m.17 views

CVE-2019-11735

Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects...

8.8CVSS9.1AI score0.01179EPSS
Exploits0References5
NVD
NVD
added 2019/09/27 6:15 p.m.16 views

CVE-2019-11738

If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...

6.8CVSS5.9AI score0.01447EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2019/09/27 6:15 p.m.32 views

CVE-2019-11751

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. Note: this issue...

8.8CVSS7.3AI score0.01062EPSS
Exploits0References2
Prion
Prion
added 2019/09/27 6:15 p.m.22 views

Cross site scripting

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

4.3CVSS6.2AI score0.0145EPSS
Exploits0References12Affected Software3
Cvelist
Cvelist
added 2019/09/27 5:21 p.m.16 views

CVE-2019-11735

Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects...

9.5AI score0.01179EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2019/09/27 5:13 p.m.21 views

CVE-2019-11753

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the...

7.8CVSS8.4AI score0.00228EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/09/09 12:0 a.m.48 views

Oracle Linux 8 : firefox (ELSA-2019-2663)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2663 advisory. 68.1.0-1.0.1 - Rebuild to pickup Oracle default bookmarks Orabug: 30069264 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat...

9.3CVSS7.4AI score0.0216EPSS
Exploits2References14
RedHat Linux
RedHat Linux
added 2019/09/04 8:14 p.m.4 views

Mozilla: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1

Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects...

8.8CVSS7.4AI score0.01179EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/09/04 8:14 p.m.5 views

Mozilla: Sandbox escape through Firefox Sync

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...

9.3CVSS7.3AI score0.01302EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2019/09/04 1:23 a.m.28 views

CVE-2019-11748

WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the...

6.5CVSS1.3AI score0.01031EPSS
Exploits0References4
Rows per page
Query Builder