SUSE CVE-2019-11741

A compromised sandboxed content process can perform a Universal Cross-site Scripting UXSS attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these site...

CVE-2019-11741

A compromised sandboxed content process can perform a Universal Cross-site Scripting UXSS attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these site...

UBUNTU-CVE-2019-11741

A compromised sandboxed content process can perform a Universal Cross-site Scripting UXSS attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these site...

Arbitrary Code Execution

Firefox and Firefox ESR are vulnerable to arbitrary code execution attacks. A remote user could trigger a bailout error in the JavaScript JIT compiler when inlining 'Array.prototype.push' to potentially execute arbitrary code within the sandboxed content process which may lead to disclosure of...

CVE-2018-12386

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...

Type confusion

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...

MGASA-2018-0396 Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered CVE-2018-12386. A vulnerability...

Security update for Mozilla Firefox (important)

This update for Mozilla Firefox to version 60.2.2esr contains the following security fixes MFSA 2018-24: - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution bsc1110506 - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed...

Debian DSA-4310-1 : firefox-esr - security update

Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Securi...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12386: Type confusion in JavaScript A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered...