8420 matches found
Mozilla Firefox ESR < 60.7
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-14 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use...
Mozilla Firefox < 67.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-13 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. Thi...
Mozilla Thunderbird < 60.7
The version of Thunderbird installed on the remote Windows host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This...
Mozilla Firefox ESR < 60.7 Multiple Vulnerabilities
CVE-2019-9817
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Security vulnerabilities fixed in Thunderbird 60.7 — Mozilla
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...
Security vulnerabilities fixed in Firefox ESR 60.7 — Mozilla
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...
UBUNTU-CVE-2019-9817
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Insecure Same-Origin Policy
Mozilla Firefox is affected by an insecure same-origin policy vulnerability. The vulnerability allows theft of cross-origin URL entries using performance.getEntries when the JavaScript location property is used to cause a redirection to another site, allowing data theft...
Information Disclosure
Firefox is vulnerable to information disclosure attacks. A remote user could bypass same-origin restrictions in the PDF viewer to view ostensibly protected PDF files...
USN-3983-1 linux vulnerabilities
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...
USN-3982-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...
kernel: memory leak when merging buffers in SCSI IO vectors
It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov and bio_unmap_user in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page merges them into one, but the page reference is never dropped, causing a...
chromium-browser: CORS bypass in download manager
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
chromium-browser: CORS bypass in Blink
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
Information Disclosure
Mozilla Firefox is vulnerable to information disclosure. A malicious page can extract pixel values from a targeted user using SVG filters that don't use the fixed point math implementation on a target iframe. An attacker could obtain history information and read text values across domains. This...
Information Disclosure
Firefox is vulnerable to information disclosure attacks. A remote user could trigger a same-origin policy bypass in the Resource Timing API to view potentially sensitive URLs on the target user's system...
Same-Origin Policy Bypass
Mozilla Firefox is vulnerable to same-origin policy bypass. Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions, obtain sensitive information, bypass same-origin policy restrictions to access data, and execute arbitrary code in the context of the...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Cross-Site Scripting (XSS)
Mozilla Firefox is vulnerable to cross-site scripting (XSS) attacks. User-assisted remote attackers can create a specially crafted malicious HTML local shortcut file in the same local directory to load an arbitrary website in violation of same-origin policy, allowing for data theft...