CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9818
https://notcve.org/view.php?id=CVE-2019-9818
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1542581 https://www.mozilla.org/security/advisories/mfsa2019-13 https://www.mozilla.org/security/advisories/mfsa2019-14 https://www.mozilla.org/security/advisories/mfsa2019-15 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11694
https://notcve.org/view.php?id=CVE-2019-11694
A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1534196 https://www.mozilla.org/security/advisories/mfsa2019-13 https://www.mozilla.org/security/advisories/mfsa2019-14 https://www.mozilla.org/security/advisories/mfsa2019-15 • CWE-755: Improper Handling of Exceptional Conditions CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11699
https://notcve.org/view.php?id=CVE-2019-11699
A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67. Una página maliciosa puede causar brevemente que se resalte el nombre incorrecto como el nombre de dominio en la barra de direcciones durante la navegación de la página. Esto podría generar confusión en el usuario sobre qué sitio está cargado actualmente para los ataques de suplantación de identidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1528939 https://www.mozilla.org/security/advisories/mfsa2019-13 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11700
https://notcve.org/view.php?id=CVE-2019-11700
A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67. Se puede usar un hipervínculo que utiliza el protocolo res: para abrir archivos locales en una ubicación conocida en Internet Explorer si un usuario aprueba la ejecución cuando se le solicite. * Nota: este problema solo ocurre en Windows. • https://bugzilla.mozilla.org/show_bug.cgi?id=1549833 https://www.mozilla.org/security/advisories/mfsa2019-13 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11702
https://notcve.org/view.php?id=CVE-2019-11702
A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2. Un hipervínculo que utiliza protocolos asociados con Internet Explorer, como IE.HTTP:, puede usarse para abrir archivos locales en una ubicación conocida con Internet Explorer si un usuario aprueba la ejecución cuando se le solicite. * Nota: este problema solo ocurre en Windows. • https://bugzilla.mozilla.org/show_bug.cgi?id=1552627 https://www.mozilla.org/security/advisories/mfsa2019-16 • CWE-862: Missing Authorization •