CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9789
https://notcve.org/view.php?id=CVE-2019-9789
Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66. Los desarrolladores y miembros de la comunidad de Mozilla detectaron errores de seguridad de memoria en Firefox versión 65. Algunos de estos errores mostraron evidencia de corrupción en la memoria y suponemos que con suficiente esfuerzo que algunos de estos podrían ser explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1520483%2C1522987%2C1528199%2C1519337%2C1525549%2C1516179%2C1518524%2C1518331%2C1526579%2C1512567%2C1524335%2C1448505%2C1518821 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9798
https://notcve.org/view.php?id=CVE-2019-9798
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1527534 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-426: Untrusted Search Path •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9807
https://notcve.org/view.php?id=CVE-2019-9807
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66. Cuando un text arbitrario es enviado sobre una conexión FTP y la recarga de página es iniciada, es posible crear un mensaje de alerta modal con ese texto como contenido. Esto puede ser potencialmente empleado para ataques de ingeniería social. • https://bugzilla.mozilla.org/show_bug.cgi?id=1362050 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 93%CPEs: 11EXPL: 6CVE-2019-9810 – Mozilla Firefox Array.slice Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. La información incorrecta de alias en el compilador IonMonkey JIT para el método Array.prototype.slice puede llevar a la falta de comprobación de límites y a un desbordamiento del búfer. Esta vulnerabilidad afecta a Firefox versiones anteriores a 66.0.1, Firefox ESR versiones anteriores a 60.6.1 y Thunderbird versiones anteriores a 60.6.1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • https://www.exploit-db.com/exploits/46605 https://www.exploit-db.com/exploits/47752 https://github.com/0vercl0k/CVE-2019-9810 https://github.com/xuechiyaobai/CVE-2019-9810-PoC http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1537924 https://www.mozilla.org/security/advisories/mfsa2019-09 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 59%CPEs: 3EXPL: 1CVE-2019-9813 – Mozilla Firefox IonMonkey Optimizer Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-9813
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. Un manejo incorrecto de __proto__ mutations puede llevar a confusión de tipo en el código IonMonkey JIT, y puede aprovecharse para la lectura y escritura de memoria arbitraria. Esta vulnerabilidad afecta a Firefox versiones anteriores a 66.0.1, Firefox ESR versiones anteriores a 60.6.1 y Thunderbird versiones anteriores a 60.6.1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • https://www.exploit-db.com/exploits/46646 https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1538006 https://www.mozilla.org/security/advisories/mfsa2019-09 https://www.mozilla.org/security/advisories/mfsa2019-10 https://www.mozilla.org/security/advisories/mfsa2019-12 https://access.redhat.com/security/cve/CVE-2019-9813 https://bugzilla.redhat.com/show_bug.cgi?id=1692182 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •