CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0CVE-2019-17017 – Mozilla: Type Confusion in XPCVariant.cpp
https://notcve.org/view.php?id=CVE-2019-17017
08 Jan 2020 — Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. ... This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Debido a una falta de tipos de objetos del manejo de casos, podría ocurrir una vulnerabilidad de confusión de tipos, resultando en un bloqueo. ... Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a la versión 68.4 y Firefox versiones anteriores a la versión 72. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2019-19916
https://notcve.org/view.php?id=CVE-2019-19916
20 Dec 2019 — In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. • https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11750 – Mozilla: Type confusion in Spidermonkey
https://notcve.org/view.php?id=CVE-2019-11750
04 Sep 2019 — A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Se presenta una vulnerabilidad de confusión de tipos en Spidermonkey, lo que resulta en un bloqueo no explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 69 y Firefox ESR versiones anteriores a 68.1. ... This update upgrades Firefox to version 68.1.0 ESR. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-908: Use of Uninitialized Resource •
CVSS: 10.0EPSS: 65%CPEs: 3EXPL: 4CVE-2019-11708 – Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2019-11708
24 Jun 2019 — This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2. ... Esta vulnerabilidad afecta a Firefox ESR anterior a versión 60.7.2, Firefox anterior a versión 67.0.4 y Thunderbird anterior a versión 60.7.2. A type confusion bug was discovered in Thunderbird. ... Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. • http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html • CWE-20: Improper Input Validation CWE-270: Privilege Context Switching Error •
CVSS: 8.8EPSS: 83%CPEs: 3EXPL: 6CVE-2019-11707 – Mozilla Firefox and Thunderbird Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2019-11707
19 Jun 2019 — A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. ... This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. ... Esta vulnerabilidad afecta a Firefox ESR anterior a la versión 60.7.1, Firefox anterior a la versión 67.0.3 y Thunderbird anterior a la versión 60.7.2. A type confusion bug was discovered in Thunderbird. ... Mozilla Firefox and Thunderbird co... • https://packetstorm.news/files/id/165816 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9819 – Mozilla: Compartment mismatch with fetch API
https://notcve.org/view.php?id=CVE-2019-9819
22 May 2019 — This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. ... Esta vulnerabilidad afecta a Thunderbird anterior a versión 60.7, Firefox anterior a versión 67 y Firefox ESR anterior a versión 60.7. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. • https://bugzilla.mozilla.org/show_bug.cgi?id=1532553 • CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.9EPSS: 38%CPEs: 3EXPL: 1CVE-2019-9816 – Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
https://notcve.org/view.php?id=CVE-2019-9816
21 May 2019 — A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. ... This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Se presenta una posible vulnerabilidad donde puede producirse una confusión de tipo al manipular objetos de JavaScript en grupos de objetos, lo que permite omitir las comprobaciones de seguridad dentro d... • https://www.exploit-db.com/exploits/46940 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 52%CPEs: 3EXPL: 2CVE-2019-9813 – Mozilla Firefox IonMonkey Optimizer Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-9813
25 Mar 2019 — Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. ... Esta vulnerabilidad afecta a Firefox versiones anteriores a 66.0.1, Firefox ESR versiones anteriores a 60.6.1 y Thunderbird versiones anteriores a 60.6.1. ... The issue results from the lack of proper validation of user-supp... • https://packetstorm.news/files/id/152304 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 38%CPEs: 11EXPL: 4CVE-2019-9791 – Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
https://notcve.org/view.php?id=CVE-2019-9791
20 Mar 2019 — The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). ... This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. ... Esta vulnerabilidad afecta a Thunderbird versiones <60.6, Firefox ESR versiones <60.6 y Firefox versiones <66. US... • https://packetstorm.news/files/id/152266 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2019-9795 – Mozilla: Type-confusion in IonMonkey JIT compiler
https://notcve.org/view.php?id=CVE-2019-9795
20 Mar 2019 — A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Una vulnerabilidad de confusión de tipo en compilador IonMonkey just-in-time (JIT) podría ser utilizado por JavaScript malicioso para desencadenar un fallo potencialmente explotable. Esta vulnerabilidad afecta a Thun... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-617: Reachable Assertion CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •