|
222961
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects…
|
CWE-863
Incorrect Authorization
|
CVE-2019-17014
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222962
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
|
Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl…
|
CWE-787
CWE-416
Out-of-bounds Write
Use After Free
|
CVE-2019-17013
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222963
|
8.8 |
HIGH
Network
|
mozilla
opensuse
canonical
|
firefox
firefox_esr
thunderbird
leap
ubuntu_linux
|
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-17012
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222964
|
7.5 |
HIGH
Network
|
mozilla
opensuse
canonical
|
firefox
firefox_esr
thunderbird
leap
ubuntu_linux
|
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulner…
|
CWE-362
Race Condition
|
CVE-2019-17011
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222965
|
7.5 |
HIGH
Network
|
mozilla
opensuse
canonical
|
firefox
firefox_esr
thunderbird
leap
ubuntu_linux
|
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.…
|
CWE-362
Race Condition
|
CVE-2019-17010
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222966
|
7.8 |
HIGH
Local
|
mozilla
opensuse
|
firefox
firefox_esr
thunderbird
leap
|
When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the up…
|
NVD-CWE-noinfo
|
CVE-2019-17009
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222967
|
8.8 |
HIGH
Network
|
mozilla
opensuse
|
firefox
firefox_esr
thunderbird
leap
|
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3,…
|
CWE-416
Use After Free
|
CVE-2019-17008
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222968
|
8.8 |
HIGH
Network
|
mozilla
opensuse
canonical
|
firefox
firefox_esr
thunderbird
leap
ubuntu_linux
|
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a poten…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-17005
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222969
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < …
|
NVD-CWE-noinfo
|
CVE-2019-17002
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222970
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
|
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17001
|
2024-11-21 13:31 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
