CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9794
https://notcve.org/view.php?id=CVE-2019-9794
26 Apr 2019 — A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are un... • https://bugzilla.mozilla.org/show_bug.cgi?id=1530103 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18513 – Gentoo Linux Security Advisory 201904-07
https://notcve.org/view.php?id=CVE-2018-18513
02 Apr 2019 — A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5. Puede producirse un bloqueo al procesar un mensaje S/MIME elaborado o un paquete XPI que contenga una firma elaborada. Esto puede utilizarse como un ataque de Denegación de Servicio (DOS) porque Thunderbird vuelve... • https://bugzilla.mozilla.org/show_bug.cgi?id=1533300 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18512 – Gentoo Linux Security Advisory 201904-07
https://notcve.org/view.php?id=CVE-2018-18512
02 Apr 2019 — A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediately freed, although the sound is still being played asynchronously, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5. Puede ocurrir una vulnerabilidad de uso después de la liberación mientras se reproduce una notificación sonora en Thunderbird. La memoria que almacena los datos de sonido se libera inmediatamente, aunque el sonido se... • https://bugzilla.mozilla.org/show_bug.cgi?id=1482659 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 91%CPEs: 11EXPL: 8CVE-2019-9810 – Mozilla Firefox Array.slice Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-9810
25 Mar 2019 — Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. La información incorrecta de alias en el compilador IonMonkey JIT para el método Array.prototype.slice puede llevar a la falta de comprobación de límites y a un desbordamiento del búfer. Esta vulnerabilidad afecta a Firefox versiones anteriores a 66.0.1, Firefox ESR versiones... • https://packetstorm.news/files/id/152251 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 69%CPEs: 3EXPL: 2CVE-2019-9813 – Mozilla Firefox IonMonkey Optimizer Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-9813
25 Mar 2019 — Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. Un manejo incorrecto de __proto__ mutations puede llevar a confusión de tipo en el código IonMonkey JIT, y puede aprovecharse para la lectura y escritura de memoria arbitraria. Esta vulnerabilidad afecta a Firefox versiones anteriores a 66.0.1, Firefox ESR versiones ant... • https://packetstorm.news/files/id/152304 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2019-9796 – Mozilla: Use-after-free with SMIL animation controller
https://notcve.org/view.php?id=CVE-2019-9796
20 Mar 2019 — A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Una vulnerabilidad de uso después de liberación de memoria puede darse cuand... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9795 – Mozilla: Type-confusion in IonMonkey JIT compiler
https://notcve.org/view.php?id=CVE-2019-9795
20 Mar 2019 — A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Una vulnerabilidad de confusión de tipo en compilador IonMonkey just-in-time (JIT) podría ser utilizado por JavaScript malicioso para desencadenar un fallo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 60.6... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-617: Reachable Assertion CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9793 – Mozilla: Improper bounds checks when Spectre mitigations are disabled
https://notcve.org/view.php?id=CVE-2019-9793
20 Mar 2019 — A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thund... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 26%CPEs: 11EXPL: 4CVE-2019-9792 – Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
https://notcve.org/view.php?id=CVE-2019-9792
20 Mar 2019 — The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. El compilador IonMonkey just-in-time (JIT) puede filtrar un valor mágico interno JS_OPTIMIZED_OUT para la ejecución script durante un rescate. JavaScript puede utiliza... • https://packetstorm.news/files/id/153106 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9790 – Mozilla: Use-after-free when removing in-use DOM elements
https://notcve.org/view.php?id=CVE-2019-9790
20 Mar 2019 — A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Podría ocurrir una vulnerabilidad de uso después de liberación de memoria cuando es obtenido un puntero raw al elemento DOM en una página empleando JavaScript y el elemento es eliminado mientras sigue en uso. E... • https://access.redhat.com/errata/RHSA-2019:0966 • CWE-416: Use After Free •