CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11758 – Mozilla: Potentially exploitable crash due to 360 Total Security
https://notcve.org/view.php?id=CVE-2019-11758
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2. Philipp, miembro de la comunidad de Mozilla, reportó un bug de seguridad de la memoria presente en Firefox versión 68 cuando 360 Total Security fue instalado. Este bug mostró evidencia de corrupción de memoria en el motor de accesibilidad y suponemos que con un esfuerzo suficiente podría ser explotado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1536227 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2019-25 https://www.mozilla.org/security/advisories/mfsa2019-33 https://www.mozilla.org/security/advisories/mfsa2019-35 https://access.redhat.com/security/cve/CVE-2019-11758 https://bugzilla.redhat.com/show_bug.cgi?id=1764439 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11757 – Mozilla: Use-after-free when creating index updates in IndexedDB
https://notcve.org/view.php?id=CVE-2019-11757
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Siguiendo la cadena de prototipos de valor, era posible retener una referencia a una configuración regional, eliminarla y, posteriormente, hacer referencia a ella. Esto resultó en un uso de la memoria previamente liberada y un bloqueo explotable potencialmente. • https://bugzilla.mozilla.org/show_bug.cgi?id=1577107 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2019-33 https://www.mozilla.org/security/advisories/mfsa2019-34 https://www.mozilla.org/security/advisories/mfsa2019-35 https://access.redhat.com/security/cve/CVE-2019-11757 https://bugzilla.redhat.com/show_bug.cgi?id=1764438 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11736
https://notcve.org/view.php?id=CVE-2019-11736
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. <br>*Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://bugzilla.mozilla.org/show_bug.cgi?id=1551913 https://bugzilla.mozilla.org/show_bug.cgi?id=1552206 https://www.mozilla.org/security/advisories/mfsa2019-25 https://www.mozilla.org/security/advisories/mfsa2019-26 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11751
https://notcve.org/view.php?id=CVE-2019-11751
Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Los parámetros de línea de comando relacionados con el Inicio de Sesión no son saneados apropiadamente cuando Firefox es iniciado por otro programa, tal y como cuando un usuario hace clic en enlaces maliciosos en una aplicación de chat. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://bugzilla.mozilla.org/show_bug.cgi?id=1572838 https://www.mozilla.org/security/advisories/mfsa2019-25 https://www.mozilla.org/security/advisories/mfsa2019-26 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11753
https://notcve.org/view.php?id=CVE-2019-11753
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. <br>*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://bugzilla.mozilla.org/show_bug.cgi?id=1574980 https://www.mozilla.org/security/advisories/mfsa2019-25 https://www.mozilla.org/security/advisories/mfsa2019-26 https://www.mozilla.org/security/advisories/mfsa2019-27 • CWE-354: Improper Validation of Integrity Check Value •