CVE-2019-11740 – Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
https://notcve.org/view.php?id=CVE-2019-11740
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron bugs de seguridad de la memoria presentes en Firefox versión 68, Firefox ESR versión 68 y Firefox 60.8. Algunos de estos errores mostraron evidencia de corrupción de memoria y presumimos que con suficiente esfuerzo algunos de estos podrían ser explotados para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160 https://security.gentoo.org/glsa/201911-07 https://usn.ubuntu.com/4150-1 https://www.mozilla.org/security/advisories/mfsa2019-25 https& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2019-11743 – Mozilla: Cross-origin access to unload event attributes
https://notcve.org/view.php?id=CVE-2019-11743
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. Los eventos de navegación no se adhirieron totalmente a la especificación borrador del "Navigation-Timing Level 2" de W3C en algunas instancias para el evento de descarga, que restringe el acceso a los atributos de sincronización detallados para que solo sean del mismo origen. Esto resultó en una posible exposición de información de origen cruzado mediante la sincronización de ataques de canal lateral. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://bugzilla.mozilla.org/show_bug.cgi?id=1560495 https://security.gentoo.org/glsa/201911-07 https://usn.ubuntu.com/4150-1 https://w3c.github.io/navigation-timing https://www.mozilla.org • CWE-203: Observable Discrepancy CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2019-11752 – Mozilla: Use-after-free while extracting a key value in IndexedDB
https://notcve.org/view.php?id=CVE-2019-11752
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. Es posible eliminar un valor de clave IndexedDB y posteriormente intentar extraerlo durante la conversión. Esto resulta en un uso de la memoria previamente liberada y un bloqueo potencialmente explotable. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://bugzilla.mozilla.org/show_bug.cgi?id=1501152 https://security.gentoo.org/glsa/201911-07 https://usn.ubuntu.com/4150-1 https://www.mozilla.org/security/advisories/mfsa2019-25 https://w • CWE-416: Use After Free •
CVE-2019-9815
https://notcve.org/view.php?id=CVE-2019-9815
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1546544 https://mdsattacks.com https://www.mozilla.org/security/advisories/mfsa2019-13 https://www.mozilla.org/security/advisories/mfsa2019-14 https://www.mozilla.org/security/advisories/mfsa2019-15 • CWE-203: Observable Discrepancy •
CVE-2019-9818
https://notcve.org/view.php?id=CVE-2019-9818
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1542581 https://www.mozilla.org/security/advisories/mfsa2019-13 https://www.mozilla.org/security/advisories/mfsa2019-14 https://www.mozilla.org/security/advisories/mfsa2019-15 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •