rpm package
opensuse/firefox-esr&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,106)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9795 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | ||
| CVE-2019-9794 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is co | ||
| CVE-2019-9793 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will inf | ||
| CVE-2019-9792 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability a | ||
| CVE-2019-9791 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for | ||
| CVE-2019-9790 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60 | ||
| CVE-2019-9789 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firef | ||
| CVE-2019-9788 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrar | ||
| CVE-2018-18511 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. | ||
| CVE-2019-9807 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66. | ||
| CVE-2019-9808 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permiss | ||
| CVE-2019-9809 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) atta | ||
| CVE-2019-9810 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. | ||
| CVE-2019-9813 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 26, 2019 | Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. | ||
| CVE-2018-18498 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 28, 2019 | A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, an | ||
| CVE-2018-18497 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 28, 2019 | Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: l | ||
| CVE-2018-18496 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 28, 2019 | When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Win | ||
| CVE-2018-18495 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 28, 2019 | WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted | ||
| CVE-2018-18494 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 28, 2019 | A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerabili | ||
| CVE-2018-18493 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 28, 2019 | A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, F |
- CVE-2019-9795Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
- CVE-2019-9794Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is co
- CVE-2019-9793Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will inf
- CVE-2019-9792Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability a
- CVE-2019-9791Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for
- CVE-2019-9790Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60
- CVE-2019-9789Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firef
- CVE-2019-9788Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrar
- CVE-2018-18511Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.
- CVE-2019-9807Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66.
- CVE-2019-9808Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permiss
- CVE-2019-9809Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) atta
- CVE-2019-9810Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
- CVE-2019-9813Apr 26, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
- CVE-2018-18498Feb 28, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, an
- CVE-2018-18497Feb 28, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: l
- CVE-2018-18496Feb 28, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Win
- CVE-2018-18495Feb 28, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted
- CVE-2018-18494Feb 28, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerabili
- CVE-2018-18493Feb 28, 2019affected < 128.5.1-1.1fixed 128.5.1-1.1
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, F
Page 54 of 106