Mozilla Firefox ESR Security Advisories (MFSA2019-25, MFSA2019-27) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

USN-4122-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy CSP protections, bypass same-origin restrictions, conduct cross-site...

Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

[ASA-201909-2] firefox: multiple issues

Arch Linux Security Advisory ASA-201909-2 ========================================= Severity: High Date : 2019-09-04 CVE-ID : CVE-2019-5849 CVE-2019-9812 CVE-2019-11734 CVE-2019-11735 CVE-2019-11737 CVE-2019-11738 CVE-2019-11740 CVE-2019-11741 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744...

UBUNTU-CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

Security fix for the ALT Linux 10 package firefox-esr version 68.1.0-alt1

Sept. 4, 2019 Andrey Cherepanov 68.1.0-alt1 - New ESR version 68.1.0. - Fixed: + CVE-2019-11751 Malicious code execution through command line parameters + CVE-2019-11746 Use-after-free while manipulating video + CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML +...

FreeBSD : mozilla -- multiple vulnerabilities (05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6)

Mozilla Foundation reports : CVE-2019-11751: Malicious code execution through command line parameters CVE-2019-11746: Use-after-free while manipulating video CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11742: Same-origin policy violation with SVG...

KLA11545 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, perform cross-site scripting attack, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-11751: Malicious code execution through command line parameters CVE-2019-11746: Use-after-free while manipulating video CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11742: Same-origin policy violation with SVG...

Security vulnerabilities fixed in Firefox ESR 60.9 — Mozilla

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. Some HTML elements, such as and , can contain literal angle brackets without treating them as markup. It is possible to pass a liter...

Security vulnerabilities fixed in Firefox 69 — Mozilla

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. Note: this issue...

Security update for MozillaThunderbird (moderate)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:1990-1 Rating: moderate References: 1137970 1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729...

CVE-2019-1192

A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully...

CVE-2019-1192

A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully...

Microsoft Edge and Internet Explorer Security Feature Issue Vulnerability

Microsoft Edge and Microsoft Internet Explorer IE are both products of Microsoft Corporation.Microsoft Edge is a web browser that comes with Windows 10 and later.Microsoft Internet Explorer is a web browser that comes with Windows operating systems. Microsoft Edge is a web browser that comes with...

Microsoft Edge and Internet Explorer Buffer Overflow Vulnerability (CNVD-2019-30523)

Microsoft Edge and Microsoft Internet Explorer IE are both products of Microsoft Corporation.Microsoft Edge is a web browser that comes with Windows 10 and later.Microsoft Internet Explorer is a web browser that comes with Windows operating systems. Microsoft Edge is a web browser that comes with...

Microsoft Browsers Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully...

KB4512482: Windows Server 2012 August 2019 Security Update

The remote Windows host is missing security update 4512482 or cumulative update 4512518. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC. An attacker who...

PT-2019-12557 · Microsoft · Browsers +2

Name of the Vulnerable Software and Affected Versions: Microsoft browsers affected versions not specified Description: A security feature bypass issue exists due to improper handling of requests from different origins by Microsoft browsers, allowing them to bypass Same-Origin Policy SOP...