140 matches found
Code injection
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...
NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0159)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of...
NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0164)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...
NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0160)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parsergetnextchar when processing certain email messages,...
NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0161)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...
DEBIAN-CVE-2019-9816
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...
CVE-2019-9816
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...
DEBIAN-CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...
ALPINE-CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...
CVE-2019-9816
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...
CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...
CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...
CVE-2019-11707
CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox/Thunderbird caused by issues in Array.pop when manipulating JavaScript objects, leading to an exploitable crash. It affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird
CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...
VulnCheck KEV: CVE-2019-11707
Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash...
Mozilla Firefox < 67.0.3
The version of Firefox installed on the remote Windows host is prior to 67.0.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-18 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for a...
Mozilla Firefox < 67.0.3
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-18 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can...
Mozilla Thunderbird < 60.7
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use...
UBUNTU-CVE-2019-9816
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...
Mozilla Firefox ESR < 60.7 Multiple Vulnerabilities
Binary data 700733.prm...