EUVD-2019-7488

Malware in sbrugna...

Mozilla: Use-after-free when performing device orientation checks

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVE-2019-17025

Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 72...

Mozilla: Buffer overflow in plain text serializer

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

Mozilla Firefox Security Advisories (MFSA2019-36, MFSA2019-37) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

DEBIAN-CVE-2018-18350

Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page...

DEBIAN-CVE-2018-18345

Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page...

DEBIAN-CVE-2018-18335

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2018-18343

Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

chromium-browser: Use after free in Blink

Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Google Chrome Navigation Input Validation Vulnerability

Google Chrome is a web browser developed by Google, Inc.Navigation is one of the browser navigation modules. An input validation vulnerability exists in Navigation in versions of Google Chrome prior to 71.0.3578.80, which stems from the program's failure to properly handle navigation failures...

Google Chrome PDFium memory misreference vulnerability (CNVD-2019-01590)

Google Chrome is the United States Google Google company developed a Web browser. PDFium is one of the open source PDF rendering engine. A memory misreference vulnerability exists in PDFium in versions prior to Google Chrome 71.0.3578.80. A remote attacker can exploit this vulnerability to cause...