SUSE CVE-2019-9819

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0159)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0158)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - pngimagefree in png.c in libpng 1.6.36 has a use- after-free because pngimagefreefunction is called under pngsafeexecute. CVE-2019-7317 - If a...

Code injection

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

Mozilla Firefox ESR < 60.7

The version of Firefox ESR installed on the remote Windows host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-14 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This...

CVE-2019-9819

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

Security vulnerabilities fixed in Firefox ESR 60.7 — Mozilla

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

Firefox ESR 17.x < 17.0.9 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 17.x is earlier than 17.0.9 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - Multiple...

SeaMonkey < 2.21 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.21 and thus, is potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - The HTML5 Tree Builder does n...

Mozilla Thunderbird ESR 17.x < 17.0.9 Multiple Vulnerabilities

The installed version of Thunderbird ESR 17.x is earlier than 17.0.9 and is, therefore, potentially affected the following vulnerabilities: - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - Multiple...

Mozilla 24 Resolves 17 Security Vulnerabilities

The Mozilla Foundation released Firefox 24 yesterday, issuing 17 security patches for the browser. Seven of the bulletins received the highest, critical impact rating, four are considered high impact advisories, the second most severe rating, and the remaining six are of moderate impact. Mozilla’...

Design/Logic Flaw

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2013-1730

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2013-1730

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of...