CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18510
https://notcve.org/view.php?id=CVE-2018-18510
The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64. Las paginas about:crashcontent y about:crashparent pueden ser accionadas por contenido web. • https://bugzilla.mozilla.org/show_bug.cgi?id=1507702 https://www.mozilla.org/security/advisories/mfsa2018-29 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9801
https://notcve.org/view.php?id=CVE-2019-9801
Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1527717 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9789
https://notcve.org/view.php?id=CVE-2019-9789
Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66. Los desarrolladores y miembros de la comunidad de Mozilla detectaron errores de seguridad de memoria en Firefox versión 65. Algunos de estos errores mostraron evidencia de corrupción en la memoria y suponemos que con suficiente esfuerzo que algunos de estos podrían ser explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1520483%2C1522987%2C1528199%2C1519337%2C1525549%2C1516179%2C1518524%2C1518331%2C1526579%2C1512567%2C1524335%2C1448505%2C1518821 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9798
https://notcve.org/view.php?id=CVE-2019-9798
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1527534 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-426: Untrusted Search Path •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9807
https://notcve.org/view.php?id=CVE-2019-9807
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66. Cuando un text arbitrario es enviado sobre una conexión FTP y la recarga de página es iniciada, es posible crear un mensaje de alerta modal con ese texto como contenido. Esto puede ser potencialmente empleado para ataques de ingeniería social. • https://bugzilla.mozilla.org/show_bug.cgi?id=1362050 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-20: Improper Input Validation •