|
214751
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These mess…
|
CWE-399
Resource Management Errors
|
CVE-2019-9809
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214752
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the…
|
CWE-346
Origin Validation Error
|
CVE-2019-9808
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214753
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for soc…
|
CWE-20
Improper Input Validation
|
CVE-2019-9807
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214754
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) a…
|
CWE-399
Resource Management Errors
|
CVE-2019-9806
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214755
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.
|
CWE-908
Use of Uninitialized Resource
|
CVE-2019-9805
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214756
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if…
|
CWE-78
OS Command
|
CVE-2019-9804
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214757
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrec…
|
CWE-346
Origin Validation Error
|
CVE-2019-9803
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214758
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome pr…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9802
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214759
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vuln…
|
CWE-20
CWE-125
Improper Input Validation
Out-of-bounds Read
|
CVE-2019-9799
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214760
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle a…
|
CWE-426
Untrusted Search Path
|
CVE-2019-9798
|
2024-11-21 13:52 |
2019-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
