CVE-2020-6798 – Mozilla: Incorrect parsing of template tag could result in JavaScript injection

https://notcve.org/view.php?id=CVE-2020-6798

14 Feb 2020 — If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox... • https://bugzilla.mozilla.org/show_bug.cgi?id=1602944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-6796 – Mozilla: Missing bounds check on shared memory read in the parent process

https://notcve.org/view.php?id=CVE-2020-6796

14 Feb 2020 — A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. Un procesamiento de contenido podría haber modificado una memoria compartida relacionada con la información de los reportes de bloqueos de aplicación, el bloqueo en sí mismo, y causar una escritura fuera de límites. Esto podría hab... • https://bugzilla.mozilla.org/show_bug.cgi?id=1610426 • CWE-787: Out-of-bounds Write •

CVE-2019-17026 – Mozilla Firefox And Thunderbird Type Confusion Vulnerability

https://notcve.org/view.php?id=CVE-2019-17026

09 Jan 2020 — Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. Una información de alias incorrecta en compilador IonMonkey JIT para establecer los elementos de la matriz podría conllevar a una confusión de tipo. Estamos conscientes de los ataques dirigidos "in the wild" abusando de este fallo. • https://packetstorm.news/files/id/162568 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2019-17024 – Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4

https://notcve.org/view.php?id=CVE-2019-17024

08 Jan 2020 — Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Los desarrolladores de Mozilla reportaron bugs de seguridad de memoria presentes en Firefox versión 71 y Firefox ESR versión 68.3. Algunos de estos errores mostraron evidencia de corrupción de memori... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVE-2019-17022 – Mozilla: CSS sanitization does not escape HTML tags

https://notcve.org/view.php?id=CVE-2019-17022

08 Jan 2020 — When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-17021 – Slackware Security Advisory - mozilla-thunderbird Updates

https://notcve.org/view.php?id=CVE-2019-17021

08 Jan 2020 — During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Durante la inicialización de un nuevo proceso de contenido, ocurre una condición de carrera que puede permitir a un proceso de contenido revelar direcciones de la pila del proceso principal. * Nota: este... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2019-17017 – Mozilla: Type Confusion in XPCVariant.cpp

https://notcve.org/view.php?id=CVE-2019-17017

08 Jan 2020 — Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Debido a una falta de tipos de objetos del manejo de casos, podría ocurrir una vulnerabilidad de confusión de tipos, resultando en un bloqueo. Suponemos que con el esfuerzo suficiente podría ser explotado para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2019-17016 – Mozilla: Bypass of @namespace CSS sanitization during pasting

https://notcve.org/view.php?id=CVE-2019-17016

08 Jan 2020 — When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Al pegar un <style> etiqueta del portapapeles en un editor de texto enriquecido, el saneador CSS reescribe incorrectamente una regla @namespace. Esto podría permitir una inyección en ciertos tipos de sitios web re... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-17015 – Slackware Security Advisory - mozilla-thunderbird Updates

https://notcve.org/view.php?id=CVE-2019-17015

08 Jan 2020 — During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Durante la inicialización de un nuevo proceso de contenido, un desplazamiento del puntero puede ser manipulado lo que conlleva a una corrupción de memoria y un bloqueo explotable potencial... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html • CWE-787: Out-of-bounds Write •

CVE-2019-17005 – Mozilla: Buffer overflow in plain text serializer

https://notcve.org/view.php?id=CVE-2019-17005

04 Dec 2019 — The plain text serializer used a fixed-size array for the number of

elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. El serializador de texto plano utilizó una matriz de tamaño fijo para el número de elementos (ol) que podía procesar; sin embargo, fue posible desbordar la matriz de tamaño estático conllevando a un cor... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •