CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9794
https://notcve.org/view.php?id=CVE-2019-9794
A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. ... This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Fue encontrada una vulnerabilidad donde los argumentos específicos de la línea de comandos no se descartan correctamente durante la invocación de Firefox como un controlador shell para las URL. ... Esta vulnerabilidad impacta a Thunderbird anterior a la versión 60.6, Firefox ESR anterior a la versión 60.6 y Firefox anterior a la versión 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1530103 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9804
https://notcve.org/view.php?id=CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. ... This vulnerability affects Firefox < 66. En las Herramientas de Desarrollo (Developer Tools) de Firefox es posible que al pegar el resultado del comando 'Copy as cURL' hacia un shell de comandos en macOS, se provoque la ejecución de comandos de script bash adicionales involuntarios si la URL fue maliciosamente creada. ... Esta vulnerabilidad impacta a Firefox anterior a versión 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1518026 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9789
https://notcve.org/view.php?id=CVE-2019-9789
Mozilla developers and community members reported memory safety bugs present in Firefox 65. ... This vulnerability affects Firefox < 66. Los desarrolladores y miembros de la comunidad de Mozilla detectaron errores de seguridad de memoria en Firefox versión 65. ... Esta vulnerabilidad afecta a Firefox versión anterior a 66. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1520483%2C1522987%2C1528199%2C1519337%2C1525549%2C1516179%2C1518524%2C1518331%2C1526579%2C1512567%2C1524335%2C1448505%2C1518821 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9805
https://notcve.org/view.php?id=CVE-2019-9805
This vulnerability affects Firefox < 66. ... Esta vulnerabilidad afecta a Firefox versiones anteriores a la 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1521360 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-9788 – Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
https://notcve.org/view.php?id=CVE-2019-9788
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. ... This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Desarrolladores de Mozilla y miembros de la comunidad reportaron bugs en seguridad de memoria presentes en Firefox 65, Firefox ESR 60.5, y Thunderbird 60.5. ... Esta vulnerabilidad afecta a Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. • https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 https://access.redhat.com/security/cve/CVE-2019-9788 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •