|
212341
|
8.8 |
HIGH
Network
|
mozilla
|
thunderbird
firefox
firefox_esr
|
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firef…
|
CWE-843
Type Confusion
|
CVE-2019-9813
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212342
|
8.8 |
HIGH
Network
|
mozilla
redhat
|
thunderbird
firefox
firefox_esr
enterprise_linux
enterprise_linux_eus
enterprise_linux_server_tus
enterprise_linux_server_aus
|
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9810
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212343
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These mess…
|
CWE-399
Resource Management Errors
|
CVE-2019-9809
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212344
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the…
|
CWE-346
Origin Validation Error
|
CVE-2019-9808
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212345
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for soc…
|
CWE-20
Improper Input Validation
|
CVE-2019-9807
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212346
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) a…
|
CWE-399
Resource Management Errors
|
CVE-2019-9806
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212347
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-9805
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212348
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if…
|
CWE-78
OS Command
|
CVE-2019-9804
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212349
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrec…
|
CWE-346
Origin Validation Error
|
CVE-2019-9803
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212350
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome pr…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9802
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
