FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 69.0,1
waterfox < 56.2.14
linux-seamonkey < 2.53.0
seamonkey < 2.53.0
61.0,1 <= firefox-esr < 68.1.0,1
firefox-esr < 60.9.0,1
61.0,2 <= linux-firefox < 68.1.0,2
linux-firefox < 60.9.0,2
61.0 <= libxul < 68.1.0
libxul < 60.9.0
61.0 <= linux-thunderbird < 68.1.0
linux-thunderbird < 60.9.0
61.0 <= thunderbird < 68.1.0
thunderbird < 60.9.0

Details

VuXML ID 05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6
Discovery 2019-09-03
Entry 2019-09-03

Mozilla Foundation reports:

CVE-2019-11751: Malicious code execution through command line parameters

CVE-2019-11746: Use-after-free while manipulating video

CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML

CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images

CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service

CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location

CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB

CVE-2019-9812: Sandbox escape through Firefox Sync

CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com

CVE-2019-11743: Cross-origin access to unload event attributes

CVE-2019-11748: Persistence of WebRTC permissions in a third party context

CVE-2019-11749: Camera information available without prompting using getUserMedia

CVE-2019-5849: Out-of-bounds read in Skia

CVE-2019-11750: Type confusion in Spidermonkey

CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard

CVE-2019-11738: Content security policy bypass through hash-based sources in directives

CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list

CVE-2019-11734: Memory safety bugs fixed in Firefox 69

CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1

CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9

References

CVE Name CVE-2019-11734
CVE Name CVE-2019-11735
CVE Name CVE-2019-11736
CVE Name CVE-2019-11737
CVE Name CVE-2019-11738
CVE Name CVE-2019-11740
CVE Name CVE-2019-11741
CVE Name CVE-2019-11742
CVE Name CVE-2019-11743
CVE Name CVE-2019-11744
CVE Name CVE-2019-11746
CVE Name CVE-2019-11747
CVE Name CVE-2019-11748
CVE Name CVE-2019-11749
CVE Name CVE-2019-11750
CVE Name CVE-2019-11751
CVE Name CVE-2019-11752
CVE Name CVE-2019-11753
CVE Name CVE-2019-5849
CVE Name CVE-2019-9812
URL https://www.mozilla.org/security/advisories/mfsa2019-25/
URL https://www.mozilla.org/security/advisories/mfsa2019-26/
URL https://www.mozilla.org/security/advisories/mfsa2019-27/