CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9804
https://notcve.org/view.php?id=CVE-2019-9804
26 Apr 2019 — In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1518026 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9794
https://notcve.org/view.php?id=CVE-2019-9794
26 Apr 2019 — A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are un... • https://bugzilla.mozilla.org/show_bug.cgi?id=1530103 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18510
https://notcve.org/view.php?id=CVE-2018-18510
26 Apr 2019 — The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64. Las paginas about:crashcontent y about:crashparent pueden ser accionadas por contenido web. • https://bugzilla.mozilla.org/show_bug.cgi?id=1507702 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9789
https://notcve.org/view.php?id=CVE-2019-9789
26 Apr 2019 — Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66. Los desarrolladores y miembros de la comunidad de Mozilla detectaron errores de seguridad de memoria en Firefox versión 65. Algunos de estos errores mostraron evidencia de corrupción en la memoria y suponemos que con sufici... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1520483%2C1522987%2C1528199%2C1519337%2C1525549%2C1516179%2C1518524%2C1518331%2C1526579%2C1512567%2C1524335%2C1448505%2C1518821 • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9798
https://notcve.org/view.php?id=CVE-2019-9798
26 Apr 2019 — On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1527534 • CWE-426: Untrusted Search Path •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9807
https://notcve.org/view.php?id=CVE-2019-9807
26 Apr 2019 — When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66. Cuando un text arbitrario es enviado sobre una conexión FTP y la recarga de página es iniciada, es posible crear un mensaje de alerta modal con ese texto como contenido. Esto puede ser potencialmente empleado para ataques de ingeniería social. • https://bugzilla.mozilla.org/show_bug.cgi?id=1362050 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 91%CPEs: 11EXPL: 8CVE-2019-9810 – Mozilla Firefox Array.slice Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-9810
25 Mar 2019 — Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. La información incorrecta de alias en el compilador IonMonkey JIT para el método Array.prototype.slice puede llevar a la falta de comprobación de límites y a un desbordamiento del búfer. Esta vulnerabilidad afecta a Firefox versiones anteriores a 66.0.1, Firefox ESR versiones... • https://packetstorm.news/files/id/152251 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 69%CPEs: 3EXPL: 2CVE-2019-9813 – Mozilla Firefox IonMonkey Optimizer Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-9813
25 Mar 2019 — Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. Un manejo incorrecto de __proto__ mutations puede llevar a confusión de tipo en el código IonMonkey JIT, y puede aprovecharse para la lectura y escritura de memoria arbitraria. Esta vulnerabilidad afecta a Firefox versiones anteriores a 66.0.1, Firefox ESR versiones ant... • https://packetstorm.news/files/id/152304 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9802 – Ubuntu Security Notice USN-3918-1
https://notcve.org/view.php?id=CVE-2019-9802
22 Mar 2019 — If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66. Si un proceso contenido de Sandbox se ve comprometido, p... • https://bugzilla.mozilla.org/show_bug.cgi?id=1415508 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9809 – Ubuntu Security Notice USN-3918-2
https://notcve.org/view.php?id=CVE-2019-9809
22 Mar 2019 — If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This vulnerability affects Firefox < 66. Si el origen de los recursos de una página es a través de una conexión FTP, es posible desencadenar una serie de mensajes de alerta modales para estos recursos a través de las ubicaciones... • https://bugzilla.mozilla.org/show_bug.cgi?id=1282430 • CWE-399: Resource Management Errors •