|
211051
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-9805
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211052
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if…
|
CWE-78
OS Command
|
CVE-2019-9804
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211053
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrec…
|
CWE-346
Origin Validation Error
|
CVE-2019-9803
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211054
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome pr…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9802
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211055
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vuln…
|
CWE-20
CWE-125
Improper Input Validation
Out-of-bounds Read
|
CVE-2019-9799
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211056
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle a…
|
CWE-426
Untrusted Search Path
|
CVE-2019-9798
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211057
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a can…
|
CWE-346
Origin Validation Error
|
CVE-2019-9797
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211058
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happe…
|
CWE-20
Improper Input Validation
|
CVE-2019-9801
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211059
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is lat…
|
CWE-416
Use After Free
|
CVE-2019-9796
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211060
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
firefox_esr
thunderbird
|
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affe…
|
CWE-617
CWE-843
Reachable Assertion
Type Confusion
|
CVE-2019-9795
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
