CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9796 – Mozilla: Use-after-free with SMIL animation controller
https://notcve.org/view.php?id=CVE-2019-9796
20 Mar 2019 — A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Una vulnerabilidad de uso después de liberación de memoria puede darse cuand... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 19%CPEs: 11EXPL: 4CVE-2019-9792 – Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
https://notcve.org/view.php?id=CVE-2019-9792
20 Mar 2019 — The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. El compilador IonMonkey just-in-time (JIT) puede filtrar un valor mágico interno JS_OPTIMIZED_OUT para la ejecución script durante un rescate. JavaScript puede utiliza... • https://packetstorm.news/files/id/153106 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 11EXPL: 0CVE-2019-9788 – Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
https://notcve.org/view.php?id=CVE-2019-9788
20 Mar 2019 — Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Desarrolladores de Mozilla y miembros de la comunidad reportaron bugs en seguridad de memoria presentes en Firefox 65, Firefox ESR 60.5, y ... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 39%CPEs: 11EXPL: 4CVE-2019-9791 – Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
https://notcve.org/view.php?id=CVE-2019-9791
20 Mar 2019 — The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. El sistema de inferencia de tipos permite la recopilación de funcion... • https://packetstorm.news/files/id/152266 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9795 – Mozilla: Type-confusion in IonMonkey JIT compiler
https://notcve.org/view.php?id=CVE-2019-9795
20 Mar 2019 — A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Una vulnerabilidad de confusión de tipo en compilador IonMonkey just-in-time (JIT) podría ser utilizado por JavaScript malicioso para desencadenar un fallo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 60.6... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-617: Reachable Assertion CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-18499 – Mozilla: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs
https://notcve.org/view.php?id=CVE-2018-18499
28 Feb 2019 — A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Una violación de una política del mismo origen permite el robo de entradas URL Cross-Origin cuando utiliza meta http-equiv="refresh" en una página para prov... • https://bugzilla.mozilla.org/show_bug.cgi?id=1468523 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 41%CPEs: 18EXPL: 1CVE-2018-18500 – Mozilla: Use-after-free parsing HTML5 stream
https://notcve.org/view.php?id=CVE-2018-18500
30 Jan 2019 — A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Una vulnerabilidad de memoria previamente liberada puede ocurrir a la hora de analizar una transmisión HTML5 junto con elementos HTML personalizados. Esto resulta en la liberación del objeto de análisi... • https://github.com/sophoslabs/CVE-2018-18500 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 17EXPL: 0CVE-2018-18501 – Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
https://notcve.org/view.php?id=CVE-2018-18501
30 Jan 2019 — Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 64 and Firefox ESR 60.4. Algunos de esto... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 3%CPEs: 18EXPL: 0CVE-2018-18505 – Mozilla: Privilege escalation through IPC channel messages
https://notcve.org/view.php?id=CVE-2018-18505
30 Jan 2019 — An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thund... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 9%CPEs: 18EXPL: 0CVE-2018-18493 – Mozilla: Buffer overflow in accelerated 2D canvas with Skia
https://notcve.org/view.php?id=CVE-2018-18493
13 Dec 2018 — A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir un desbordamiento de búfer en la librería SKIA durante los cálculos de un desplazamiento de búfer con acciones de hardware aceleradas de CANVAS 2D, debido al uso de cálculos de 32-b... • http://www.securityfocus.com/bid/106168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •