Search Results (83133 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-11776 1 Eclipse 1 Business Intelligence And Reporting Tools 2024-11-21 6.1 Medium
In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context.
CVE-2019-11772 2 Eclipse, Redhat 4 Openj9, Enterprise Linux, Network Satellite and 1 more 2024-11-21 N/A
In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager.
CVE-2019-11764 3 Canonical, Mozilla, Redhat 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2024-11-21 8.8 High
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
CVE-2019-11763 3 Canonical, Mozilla, Redhat 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2024-11-21 6.1 Medium
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
CVE-2019-11761 3 Canonical, Mozilla, Redhat 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2024-11-21 5.4 Medium
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
CVE-2019-11760 3 Canonical, Mozilla, Redhat 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2024-11-21 8.8 High
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
CVE-2019-11758 3 Canonical, Mozilla, Redhat 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2024-11-21 8.8 High
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
CVE-2019-11751 2 Microsoft, Mozilla 3 Windows, Firefox, Firefox Esr 2024-11-21 8.8 High
Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2019-11748 2 Mozilla, Redhat 3 Firefox, Firefox Esr, Enterprise Linux 2024-11-21 6.5 Medium
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2019-11745 6 Canonical, Debian, Mozilla and 3 more 29 Ubuntu Linux, Debian Linux, Firefox and 26 more 2024-11-21 8.8 High
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVE-2019-11741 1 Mozilla 1 Firefox 2024-11-21 6.1 Medium
A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69.
CVE-2019-11735 3 Mozilla, Opensuse, Redhat 4 Firefox, Firefox Esr, Leap and 1 more 2024-11-21 8.8 High
Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2019-11734 1 Mozilla 1 Firefox 2024-11-21 9.8 Critical
Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69.
CVE-2019-11720 2 Mozilla, Opensuse 2 Firefox, Leap 2024-11-21 6.1 Medium
Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68.
CVE-2019-11718 2 Mozilla, Opensuse 2 Firefox, Leap 2024-11-21 5.3 Medium
Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68.
CVE-2019-11710 2 Mozilla, Opensuse 2 Firefox, Leap 2024-11-21 9.8 Critical
Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68.
CVE-2019-11705 2 Mozilla, Redhat 2 Thunderbird, Enterprise Linux 2024-11-21 9.8 Critical
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVE-2019-11704 2 Mozilla, Redhat 2 Thunderbird, Enterprise Linux 2024-11-21 9.8 Critical
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVE-2019-11703 2 Mozilla, Redhat 2 Thunderbird, Enterprise Linux 2024-11-21 9.8 Critical
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVE-2019-11701 1 Mozilla 1 Firefox 2024-11-21 N/A
The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.*. This vulnerability affects Firefox < 67.