FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 67.0,1
waterfox < 56.2.10
linux-seamonkey < 2.53.0
seamonkey < 2.53.0
firefox-esr < 60.7.0,1
linux-firefox < 60.7.0,2
libxul < 60.7.0
linux-thunderbird < 60.7.0
thunderbird < 60.7.0

Details

VuXML ID 44b6dfbf-4ef7-4d52-ad52-2b1b05d81272
Discovery 2019-05-21
Entry 2019-05-22
Modified 2019-07-23

Mozilla Foundation reports:

CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS

CVE-2019-9816: Type confusion with object groups and UnboxedObjects

CVE-2019-9817: Stealing of cross-domain images using canvas

CVE-2019-9818: Use-after-free in crash generation server

CVE-2019-9819: Compartment mismatch with fetch API

CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell

CVE-2019-9821: Use-after-free in AssertWorkerThread

CVE-2019-11691: Use-after-free in XMLHttpRequest

CVE-2019-11692: Use-after-free removing listeners in the event listener manager

CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux

CVE-2019-7317: Use-after-free in png_image_free of libpng library

CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox

CVE-2019-11695: Custom cursor can render over user interface outside of web content

CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts

CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions

CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

CVE-2019-11700: res: protocol can be used to open known local files

CVE-2019-11699: Incorrect domain name highlighting during page navigation

CVE-2019-11701: webcal: protocol default handler loads vulnerable web page

CVE-2019-9814: Memory safety bugs fixed in Firefox 67

CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7

References

CVE Name CVE-2019-11691
CVE Name CVE-2019-11692
CVE Name CVE-2019-11693
CVE Name CVE-2019-11694
CVE Name CVE-2019-11695
CVE Name CVE-2019-11696
CVE Name CVE-2019-11697
CVE Name CVE-2019-11698
CVE Name CVE-2019-11699
CVE Name CVE-2019-11700
CVE Name CVE-2019-11701
CVE Name CVE-2019-7317
CVE Name CVE-2019-9800
CVE Name CVE-2019-9814
CVE Name CVE-2019-9815
CVE Name CVE-2019-9816
CVE Name CVE-2019-9817
CVE Name CVE-2019-9818
CVE Name CVE-2019-9819
CVE Name CVE-2019-9820
CVE Name CVE-2019-9821
URL https://www.mozilla.org/security/advisories/mfsa2019-13/
URL https://www.mozilla.org/security/advisories/mfsa2019-14/
URL https://www.mozilla.org/security/advisories/mfsa2019-15/