Lucene search
K

19 matches found

NVD
NVD
added 2020/01/08 10:15 p.m.16 views

CVE-2019-17001

A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document cross-site scripting. This is a separate bypass from CVE-2019-17000.Note: This flaw only affected Firefox 69 and was not present in earlier versions.. This...

6.1CVSS5.9AI score0.00802EPSS
Exploits0References2
Prion
Prion
added 2020/01/08 10:15 p.m.23 views

Cross site scripting

A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document cross-site scripting. This is a separate bypass from CVE-2019-17000.Note: This flaw only affected Firefox 69 and was not present in earlier versions.. This...

5.8CVSS5.7AI score0.00809EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/01/08 9:41 p.m.20 views

CVE-2019-17001

A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document cross-site scripting. This is a separate bypass from CVE-2019-17000.Note: This flaw only affected Firefox 69 and was not present in earlier versions.. This...

6.6AI score0.00802EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/01/08 9:41 p.m.26 views

CVE-2019-17001

A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document cross-site scripting. This is a separate bypass from CVE-2019-17000.Note: This flaw only affected Firefox 69 and was not present in earlier versions.. This...

6.1CVSS8.1AI score0.00802EPSS
Exploits0
Prion
Prion
added 2020/01/08 9:15 p.m.20 views

Memory corruption

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefo...

6.8CVSS8.8AI score0.0146EPSS
Exploits1References6Affected Software4
RedhatCVE
RedhatCVE
added 2020/01/04 9:52 p.m.28 views

CVE-2019-11764

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefo...

8.8CVSS3.1AI score0.0146EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2019/10/23 12:0 a.m.37 views

CVE-2019-11764

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefo...

8.8CVSS7.3AI score0.0146EPSS
Exploits1References5
NVD
NVD
added 2019/09/27 6:15 p.m.20 views

CVE-2019-11750

A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox 69 and Firefox ESR 68.1...

6.5CVSS6.1AI score0.01262EPSS
Exploits0References5
NVD
NVD
added 2019/09/27 6:15 p.m.16 views

CVE-2019-11738

If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...

6.8CVSS5.9AI score0.01447EPSS
Exploits1References5
NVD
NVD
added 2019/09/27 6:15 p.m.15 views

CVE-2019-11735

Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects...

8.8CVSS9.1AI score0.01179EPSS
Exploits0References5
Prion
Prion
added 2019/09/27 6:15 p.m.17 views

Cross site scripting

A compromised sandboxed content process can perform a Universal Cross-site Scripting UXSS attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these site...

4.3CVSS6.7AI score0.00587EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/09/27 6:15 p.m.22 views

Cross site scripting

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

4.3CVSS6.2AI score0.0145EPSS
Exploits0References12Affected Software3
Debian CVE
Debian CVE
added 2019/09/27 5:13 p.m.21 views

CVE-2019-11753

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the...

7.8CVSS8.4AI score0.00228EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/09/04 8:14 p.m.4 views

Mozilla: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1

Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects...

8.8CVSS7.4AI score0.01179EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/09/04 8:14 p.m.5 views

Mozilla: Sandbox escape through Firefox Sync

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the...

9.3CVSS7.3AI score0.01302EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2019/09/04 9:21 a.m.149 views

Firefox 69 Now Blocks 3rd-Party Tracking Cookies and Cryptominers By Default

Mozilla has finally enabled the "Enhanced Tracking Protection" feature for all of its web browser users worldwide by default with the official launch of Firefox 69 for Windows, Mac, Linux, and Android. The company enabled the "Enhanced Tracking Protection" setting by default for its browser in Ju...

0.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2019/09/04 1:23 a.m.28 views

CVE-2019-11748

WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the...

6.5CVSS1.3AI score0.01031EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/09/04 12:0 a.m.32 views

CVE-2019-11741

A compromised sandboxed content process can perform a Universal Cross-site Scripting UXSS attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these site...

6.1CVSS6.6AI score0.00587EPSS
Exploits0References3
OSV
OSV
added 2019/09/04 12:0 a.m.1 views

UBUNTU-CVE-2019-11747

The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security HSTS settings received from sites that use it. Due to a bug, sites on the pre-load list also have...

6.5CVSS7.2AI score0.01195EPSS
Exploits0References4
Rows per page
Query Builder