Log

CVE-2019-9811 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Sandbox escape
Description
+ A sandbox escape has been found in Firefox before 68.0, by installing a malicious language pack and then opening a browser feature that used the compromised translation.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-9811
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1538007
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1539598
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1539759
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1523741
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1563327
Notes
CVE-2019-9812 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Sandbox escape
Description
+ In Firefox before 69.0, given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1538008
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1538015
Notes
CVE-2019-9813 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An incorrect handling of __proto__ mutations may lead to type confusion in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird before 60.6.1, and can be leveraged for arbitrary memory read and write.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9813
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1538006
Notes
CVE-2019-9814 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs have been found in Firefox before 67.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9814
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1527592%2C1534536%2C1520132%2C1543159%2C1539393%2C1459932%2C1459182%2C1516425
Notes
CVE-2019-9816 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A possible vulnerability exists in Firefox before 67.0 and Thunderbird before 60.7.0, where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note that this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1536768
Notes
CVE-2019-9817 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Same-origin policy bypass
Description
+ In Firefox before 67.0 and Thunderbird before 60.7.0, images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1540221
Notes
CVE-2019-9819 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A vulnerability where a JavaScript compartment mismatch can occur in Firefox before 67.0 and Thunderbird before 60.7.0, while working with the fetch API, resulting in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9819
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1532553
Notes
CVE-2019-9820 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur in the chrome event handler of Firefox before 67.0 when it is freed while still in use. This results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1536405
Notes
CVE-2019-9821 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur in AssertWorkerThread in Firefox before 67.0, due to a race condition with shared workers. This results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1539125
Notes
CVE-2019-9848 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary command execution
Description
+ An issue has been found in LibreOffice before 6.2.5, where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning.
+ In the fixed versions, LibreLogo cannot be called from a document event handler.
References
+ https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848
+ https://github.com/LibreOffice/core/commit/5d47b7b3f6a134037f1f3d8c018505244d7be484
+ https://github.com/LibreOffice/core/commit/3dd024a28a98a9d4b4efc3c7ec6acaa94d2b25fd
Notes