Log

CVE-2019-9788 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9788
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203
Notes
CVE-2019-9789 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1520483%2C1522987%2C1528199%2C1519337%2C1525549%2C1516179%2C1518524%2C1518331%2C1526579%2C1512567%2C1524335%2C1448505%2C1518821
Notes
CVE-2019-9790 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur in Firefox before 66.0 when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9790
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1525145
Notes
CVE-2019-9791 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The type inference system in Firefox before 66.0 allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1530958
Notes
CVE-2019-9792 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The IonMonkey just-in-time (JIT) compiler in Firefox before 66.0 can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1532599
Notes
CVE-2019-9793 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A mechanism was discovered in Firefox before 66.0 that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. Note that Spectre mitigations are currently enabled for all users by default settings.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1528829
Notes
CVE-2019-9795 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A vulnerability has been found in Firefox before 66.0; where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9795
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1514682
Notes
CVE-2019-9796 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur in Firefox before 66.0 when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9796
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1531277
Notes
CVE-2019-9797 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Same-origin policy bypass
Description
+ Cross-origin images can be read in violation of the same-origin policy, in Firefox before 66.0, by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1528909
Notes
CVE-2019-9799 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ Insufficient bounds checking of data during inter-process communication in Firefox before 66.0 might allow a compromised content process to be able to read memory from the parent process under certain conditions.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1505678
Notes