CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-11759 – Mozilla: Stack buffer overflow in HKDF output
https://notcve.org/view.php?id=CVE-2019-11759
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Un atacante podría haber causado que 4 bytes de salida HMAC se escribieran más allá del final de un búfer almacenado en la pila. Esto podría ser usado por un atacante para ejecutar código arbitrario o, más probablemente, conllevar a un bloqueo. • https://bugzilla.mozilla.org/show_bug.cgi?id=1577953 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2019-33 https://www.mozilla.org/security/advisories/mfsa2019-34 https://www.mozilla.org/security/advisories/mfsa2019-35 https://access.redhat.com/security/cve/CVE-2019-11759 https://bugzilla.redhat.com/show_bug.cgi?id=1764440 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11763 – Mozilla: Incorrect HTML parsing results in XSS bypass technique
https://notcve.org/view.php?id=CVE-2019-11763
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Si no se manejan correctamente los bytes nulos cuando se procesan entidades HTML, Firefox analiza de manera incorrecta estas entidades. • https://bugzilla.mozilla.org/show_bug.cgi?id=1584216 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2019-33 https://www.mozilla.org/security/advisories/mfsa2019-34 https://www.mozilla.org/security/advisories/mfsa2019-35 https://access.redhat.com/security/cve/CVE-2019-11763 https://bugzilla.redhat.com/show_bug.cgi?id=1764444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2019-11764 – Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
https://notcve.org/view.php?id=CVE-2019-11764
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron bugs de seguridad de memoria presentes en Firefox versión 69 y Firefox ESR versión 68.1. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos que con un esfuerzo suficiente algunos de estos podrían ser explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1558522%2C1577061%2C1548044%2C1571223%2C1573048%2C1578933%2C1575217%2C1583684%2C1586845%2C1581950%2C1583463%2C1586599 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2019-33 https://www.mozilla.org/security/advisories/mfsa2019-34 https://www.mozilla.org/security/advisories/mfsa2019-35 https://access.redhat.com/security/cve/CVE-2019-11764 https://bugzilla.redhat.com/show_bug.cgi?id=17 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11762 – Mozilla: document.domain-based origin isolation has same-origin-property violation
https://notcve.org/view.php?id=CVE-2019-11762
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Si dos documentos del mismo origen configuran a document.domain de manera diferente para convertirse en origen cruzado, es posible llamar arbitrariamente a DOM methods/getters/setters en la ventana ahora de origen cruzado. Esta vulnerabilidad afecta a Firefox versiones anteriores a la versión 70, Thunderbird versiones anteriores a la versión 68.2 y Firefox ESR versiones anteriores a la versión 68.2. A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. • https://bugzilla.mozilla.org/show_bug.cgi?id=1582857 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2019-33 https://www.mozilla.org/security/advisories/mfsa2019-34 https://www.mozilla.org/security/advisories/mfsa2019-35 https://access.redhat.com/security/cve/CVE-2019-11762 https://bugzilla.redhat.com/show_bug.cgi?id=1764443 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11761 – Mozilla: Unintended access to a privileged JSONView object
https://notcve.org/view.php?id=CVE-2019-11761
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Mediante el uso de un formulario con un URI de datos, fue posible conseguir acceso al objeto JSONView privilegiado que había sido clonado en contenido. El impacto de exponer este objeto parece ser mínimo, sin embargo, fue una omisión de los mecanismos de defensa existentes en profundidad. • https://bugzilla.mozilla.org/show_bug.cgi?id=1561502 https://security.gentoo.org/glsa/202003-10 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2019-33 https://www.mozilla.org/security/advisories/mfsa2019-34 https://www.mozilla.org/security/advisories/mfsa2019-35 https://access.redhat.com/security/cve/CVE-2019-11761 https://bugzilla.redhat.com/show_bug.cgi?id=1764442 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-749: Exposed Dangerous Method or Function CWE-862: Missing Authorization •