Linux Distros Unpatched Vulnerability : CVE-2019-9795

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability where type-confusion in the IonMonkey just-in-time JIT compiler could potentially be used by malicious JavaScript to trigger a potentially...

CVE-2019-9800

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This...

CVE-2019-9814

Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 67...

Memory corruption

Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 67...

CVE-2019-9800

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This...

CVE-2019-9814

Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 67...

CVE-2019-9814

Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 67...

Arbitrary Code Execution

Mozilla Thunderbird is vulnerable to arbitrary code execution. A type confusion due to memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 allows an attacker to execute arbitrary code in the host OS...

Mozilla: Type-confusion in IonMonkey JIT compiler

A vulnerability where type-confusion in the IonMonkey just-in-time JIT compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVE-2019-9809

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service DOS attack. This...

CVE-2019-9797

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...

CVE-2019-9804

In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...

Code injection

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and all...

Code injection

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service DOS attack. This...

Design/Logic Flaw

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This...

CVE-2019-9789

Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 66...

CVE-2019-9805

CVE-2019-9805 is a memory-corruption vulnerability in the Prio library used by Mozilla Firefox before 66. The issue arises from reading data from uninitialized memory in certain functions, potentially enabling exploitation and memory corruption. Affected product: Firefox

CVE-2019-9802

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and all...

CVE-2019-9805

A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox 66...

CVE-2019-9797

CVE-2019-9797: Cross-origin images can be read in violation of the same-origin policy by exporting an image after read-through createImageBitmap and rendering the bitmap on a canvas. Affected product: Mozilla Firefox; impact is cross-origin image theft via canvas rendering. The vulnerability expl...