CVE-2019-9818
https://notcve.org/view.php?id=CVE-2019-9818
A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1542581 https://www.mozilla.org/security/advisories/mfsa2019-13 https://www.mozilla.org/security/advisories/mfsa2019-14 https://www.mozilla.org/security/advisories/mfsa2019-15 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2019-11694
https://notcve.org/view.php?id=CVE-2019-11694
A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1534196 https://www.mozilla.org/security/advisories/mfsa2019-13 https://www.mozilla.org/security/advisories/mfsa2019-14 https://www.mozilla.org/security/advisories/mfsa2019-15 • CWE-755: Improper Handling of Exceptional Conditions CWE-908: Use of Uninitialized Resource •
CVE-2019-11711 – Mozilla: Script injection within domain through inner window reuse
https://notcve.org/view.php?id=CVE-2019-11711
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Cuando se reutiliza una ventana interior, no se considera el uso de document.domain para las protecciones de origen cruzado. Si las páginas en diferentes subdominios alguna vez usan cooperativamente document.domain, entonces cualquiera de las páginas puede abusar de esto para inyectar el script en páginas arbitrarias en el otro subdominio, incluso aquellas que no usaron document.domain para mitigar la seguridad de su origen. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html https://bugzilla.mozilla.org/show_bug.cgi?id=1552541 https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html https:/ • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVE-2019-11712 – Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
https://notcve.org/view.php?id=CVE-2019-11712
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Las peticiones POST realizadas por complementos de NPAPI, tal y como Flash, que reciben una respuesta de redireccionamiento del estado 308 pueden pasar por alto los requerimientos de CORS. Esto puede permitir a un atacante realizar ataques de tipo Cross-Site Request Forgery (CSRF). • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html https://bugzilla.mozilla.org/show_bug.cgi?id=1543804 https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html https:/ • CWE-352: Cross-Site Request Forgery (CSRF) CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2019-11713 – Mozilla: Use-after-free with HTTP/2 cached stream
https://notcve.org/view.php?id=CVE-2019-11713
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Puede ocurrir una vulnerabilidad de uso de la memoria previamente liberada en HTTP/2 cuando una transmisión HTTP/2 almacenada en caché se cierra cuando aún está en uso, lo que resulta en un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR anterior a versión 60.8, Firefox anterior a versión 68 y Thunderbird anterior a versión 60.8. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html https://bugzilla.mozilla.org/show_bug.cgi?id=1528481 https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html https:/ • CWE-416: Use After Free •