CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9793 – Mozilla: Improper bounds checks when Spectre mitigations are disabled
https://notcve.org/view.php?id=CVE-2019-9793
20 Mar 2019 — A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thund... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 26%CPEs: 11EXPL: 4CVE-2019-9792 – Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
https://notcve.org/view.php?id=CVE-2019-9792
20 Mar 2019 — The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. El compilador IonMonkey just-in-time (JIT) puede filtrar un valor mágico interno JS_OPTIMIZED_OUT para la ejecución script durante un rescate. JavaScript puede utiliza... • https://packetstorm.news/files/id/153106 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9790 – Mozilla: Use-after-free when removing in-use DOM elements
https://notcve.org/view.php?id=CVE-2019-9790
20 Mar 2019 — A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Podría ocurrir una vulnerabilidad de uso después de liberación de memoria cuando es obtenido un puntero raw al elemento DOM en una página empleando JavaScript y el elemento es eliminado mientras sigue en uso. E... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-9788 – Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
https://notcve.org/view.php?id=CVE-2019-9788
20 Mar 2019 — Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Desarrolladores de Mozilla y miembros de la comunidad reportaron bugs en seguridad de memoria presentes en Firefox 65, Firefox ESR 60.5, y ... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 20%CPEs: 11EXPL: 4CVE-2019-9791 – Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
https://notcve.org/view.php?id=CVE-2019-9791
20 Mar 2019 — The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. El sistema de inferencia de tipos permite la recopilación de funcion... • https://packetstorm.news/files/id/152266 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-18499 – Mozilla: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs
https://notcve.org/view.php?id=CVE-2018-18499
28 Feb 2019 — A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Una violación de una política del mismo origen permite el robo de entradas URL Cross-Origin cuando utiliza meta http-equiv="refresh" en una página para prov... • https://bugzilla.mozilla.org/show_bug.cgi?id=1468523 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18505 – Mozilla: Privilege escalation through IPC channel messages
https://notcve.org/view.php?id=CVE-2018-18505
30 Jan 2019 — An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thund... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2018-18501 – Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
https://notcve.org/view.php?id=CVE-2018-18501
30 Jan 2019 — Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox 64 and Firefox ESR 60.4. Algunos de esto... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 9%CPEs: 18EXPL: 1CVE-2018-18500 – Mozilla: Use-after-free parsing HTML5 stream
https://notcve.org/view.php?id=CVE-2018-18500
30 Jan 2019 — A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Una vulnerabilidad de memoria previamente liberada puede ocurrir a la hora de analizar una transmisión HTML5 junto con elementos HTML personalizados. Esto resulta en la liberación del objeto de análisi... • https://github.com/sophoslabs/CVE-2018-18500 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18493 – Mozilla: Buffer overflow in accelerated 2D canvas with Skia
https://notcve.org/view.php?id=CVE-2018-18493
13 Dec 2018 — A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Puede ocurrir un desbordamiento de búfer en la librería SKIA durante los cálculos de un desplazamiento de búfer con acciones de hardware aceleradas de CANVAS 2D, debido al uso de cálculos de 32-b... • http://www.securityfocus.com/bid/106168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •