FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 68.0_4,1
waterfox < 56.2.12
linux-seamonkey < 2.49.5
seamonkey < 2.49.5
firefox-esr < 60.8.0,1
linux-firefox < 60.8.0,2
libxul < 60.8.0
linux-thunderbird < 60.8.0
thunderbird < 60.8.0

Details

VuXML ID 0592f49f-b3b8-4260-b648-d1718762656c
Discovery 2019-07-09
Entry 2019-07-09

Mozilla Foundation reports:

CVE-2019-9811: Sandbox escape via installation of malicious language pack

CVE-2019-11711: Script injection within domain through inner window reuse

CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects

CVE-2019-11713: Use-after-free with HTTP/2 cached stream

CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread

CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault

CVE-2019-11715: HTML parsing error can contribute to content XSS

CVE-2019-11716: globalThis not enumerable until accessed

CVE-2019-11717: Caret character improperly escaped in origins

CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML

CVE-2019-11719: Out-of-bounds read when importing curve25519 private key

CVE-2019-11720: Character encoding XSS vulnerability

CVE-2019-11721: Domain spoofing through unicode latin 'kra' character

CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin

CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries

CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions

CVE-2019-11725: Websocket resources bypass safebrowsing protections

CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3

CVE-2019-11728: Port scanning through Alt-Svc header

CVE-2019-11710: Memory safety bugs fixed in Firefox 68

CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

References

CVE Name CVE-2019-11709
CVE Name CVE-2019-11710
CVE Name CVE-2019-11711
CVE Name CVE-2019-11712
CVE Name CVE-2019-11713
CVE Name CVE-2019-11714
CVE Name CVE-2019-11715
CVE Name CVE-2019-11716
CVE Name CVE-2019-11717
CVE Name CVE-2019-11718
CVE Name CVE-2019-11719
CVE Name CVE-2019-11720
CVE Name CVE-2019-11721
CVE Name CVE-2019-11723
CVE Name CVE-2019-11724
CVE Name CVE-2019-11725
CVE Name CVE-2019-11727
CVE Name CVE-2019-11728
CVE Name CVE-2019-11729
CVE Name CVE-2019-11730
CVE Name CVE-2019-9811
URL https://www.mozilla.org/security/advisories/mfsa2019-21/
URL https://www.mozilla.org/security/advisories/mfsa2019-22/