From b86805bbb8845b75723225707312ce114a7cb5ad Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 23 Jul 2019 14:00:51 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/1010xxx/CVE-2019-1010148.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010149.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010150.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010152.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010153.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010155.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010156.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010162.json | 59 ++++++++++++++-- 2019/1010xxx/CVE-2019-1010169.json | 59 ++++++++++++++-- 2019/1010xxx/CVE-2019-1010170.json | 59 ++++++++++++++-- 2019/1010xxx/CVE-2019-1010171.json | 59 ++++++++++++++-- 2019/1010xxx/CVE-2019-1010202.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010204.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010205.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010206.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010207.json | 66 ++++++++++++++++-- 2019/1010xxx/CVE-2019-1010208.json | 56 +++++++++++++-- 2019/1010xxx/CVE-2019-1010209.json | 66 ++++++++++++++++-- 2019/1010xxx/CVE-2019-1010221.json | 56 +++++++++++++-- 2019/11xxx/CVE-2019-11691.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11692.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11693.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11694.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11695.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11696.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11697.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11698.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11699.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11700.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11701.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11702.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11703.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11704.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11705.json | 56 ++++++++++++++- 
2019/11xxx/CVE-2019-11706.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11707.json | 83 +++++++++++++++++++++- 2019/11xxx/CVE-2019-11708.json | 83 +++++++++++++++++++++- 2019/11xxx/CVE-2019-11709.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11710.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11711.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11712.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11713.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11714.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11715.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11716.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11717.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11718.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11719.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11720.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11721.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11723.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11724.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11725.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11727.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11728.json | 56 ++++++++++++++- 2019/11xxx/CVE-2019-11729.json | 88 +++++++++++++++++++++++- 2019/11xxx/CVE-2019-11730.json | 88 +++++++++++++++++++++++- 2019/12xxx/CVE-2019-12934.json | 5 ++ 2019/9xxx/CVE-2019-9800.json | 96 ++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9811.json | 106 +++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9814.json | 64 +++++++++++++++-- 2019/9xxx/CVE-2019-9815.json | 101 +++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9816.json | 96 ++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9817.json | 96 ++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9818.json | 96 ++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9819.json | 96 ++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9820.json | 96 ++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9821.json | 64 +++++++++++++++-- 68 files changed, 4344 insertions(+), 298 deletions(-) 
diff --git a/2019/1010xxx/CVE-2019-1010148.json b/2019/1010xxx/CVE-2019-1010148.json index 014dae35057..a2579d8b206 100644 --- a/2019/1010xxx/CVE-2019-1010148.json +++ b/2019/1010xxx/CVE-2019-1010148.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010148", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zzcms", + "product": { + "product_data": [ + { + "product_name": "zzcms", + "version": { + "version_data": [ + { + "version_value": "\u2264 8.3" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code Execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/Lz1y/acd1bfd0cc0e0f53b8f781840e7bf368", + "refsource": "MISC", + "name": "https://gist.github.com/Lz1y/acd1bfd0cc0e0f53b8f781840e7bf368" } ] } diff --git a/2019/1010xxx/CVE-2019-1010149.json b/2019/1010xxx/CVE-2019-1010149.json index 9e6b0dbfe3e..88b14392ad3 100644 --- a/2019/1010xxx/CVE-2019-1010149.json +++ b/2019/1010xxx/CVE-2019-1010149.json 
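Review bot: The affected range is written as `"version_value": "\u2264 8.3"`, which puts the comparison operator inside the version string, so a scanner that compares `version_value` against an installed version will not match 8.3 or anything older. The 4.0 format has a separate operator field; `"version_affected": "<=", "version_value": "8.3"` carries the same meaning in a machine-readable form. The same string appears in CVE-2019-1010149, -1010150, -1010152 and -1010153. In this record the description also gives the impact of an SQL injection as "zzcms File Delete to Code Execution" and names no component, which looks copied from the neighbouring entry and should be checked against the referenced gist.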
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010149", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zzcms", + "product": { + "product_data": [ + { + "product_name": "zzcms", + "version": { + "version_data": [ + { + "version_value": "\u2264 8.3" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File Delete to Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/Lz1y/e82eb9cc776e629b9d1874dc689421eb", + "refsource": "MISC", + "name": "https://gist.github.com/Lz1y/e82eb9cc776e629b9d1874dc689421eb" } ] } diff --git a/2019/1010xxx/CVE-2019-1010150.json b/2019/1010xxx/CVE-2019-1010150.json index bda06f0cd6c..95ebc7cad36 100644 --- a/2019/1010xxx/CVE-2019-1010150.json +++ b/2019/1010xxx/CVE-2019-1010150.json 
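Review bot: The `problemtype` value `"File Delete to Code Execution"` names an exploitation outcome rather than a weakness class, and the description repeats it as both the flaw and the impact, so triage tooling that groups records by weakness cannot classify this entry. CVE-2019-1010150 and CVE-2019-1010152 carry the same value. A CWE-prefixed value in the form already used by CVE-2019-1010162 in this patch (`"CWE-476: NULL Pointer Dereference"`) would fix this, with the CWE chosen from the referenced analysis. The impact sentence should then state the consequence once, for example arbitrary file deletion leading to code execution.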
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010150", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zzcms", + "product": { + "product_data": [ + { + "product_name": "zzcms", + "version": { + "version_data": [ + { + "version_value": "\u2264 8.3" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File Delete to Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/Lz1y/7ab529230c43dfc5441ac32dd13e3e5b", + "refsource": "MISC", + "name": "https://gist.github.com/Lz1y/7ab529230c43dfc5441ac32dd13e3e5b" } ] } diff --git a/2019/1010xxx/CVE-2019-1010152.json b/2019/1010xxx/CVE-2019-1010152.json index 556b28e87e0..f7cbd81d549 100644 --- a/2019/1010xxx/CVE-2019-1010152.json +++ b/2019/1010xxx/CVE-2019-1010152.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010152", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zzcms", + "product": { + "product_data": [ + { + "product_name": "zzcms", + "version": { + "version_data": [ + { + "version_value": "\u2264 8.3" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File Delete to Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/Lz1y/cfb2f8179003b91404ad029333508f4c", + "refsource": "MISC", + "name": "https://gist.github.com/Lz1y/cfb2f8179003b91404ad029333508f4c" } ] } diff --git a/2019/1010xxx/CVE-2019-1010153.json b/2019/1010xxx/CVE-2019-1010153.json index 49f74d23305..7d9b0fb701b 100644 --- a/2019/1010xxx/CVE-2019-1010153.json +++ b/2019/1010xxx/CVE-2019-1010153.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010153", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zzcms", + "product": { + "product_data": [ + { + "product_name": "zzcms", + "version": { + "version_data": [ + { + "version_value": "\u2264 8.3" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sql inject. The component is: zs/subzs.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/Lz1y/31595b060cd6a031896fdf2b3a1273f5", + "refsource": "MISC", + "name": "https://gist.github.com/Lz1y/31595b060cd6a031896fdf2b3a1273f5" } ] } diff --git a/2019/1010xxx/CVE-2019-1010155.json b/2019/1010xxx/CVE-2019-1010155.json index 49d8b51e7c9..05be2bdbdd7 100644 --- a/2019/1010xxx/CVE-2019-1010155.json +++ b/2019/1010xxx/CVE-2019-1010155.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010155", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DSL-2750U", + "version": { + "version_data": [ + { + "version_value": "1.11" + } + ] + } + } + ] + }, + "vendor_name": "D-Link" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://youtu.be/BQQbp2vn_wY", + "refsource": "MISC", + "name": "https://youtu.be/BQQbp2vn_wY" } ] } diff --git a/2019/1010xxx/CVE-2019-1010156.json b/2019/1010xxx/CVE-2019-1010156.json index 1a3ec4554b6..7cdfa0ddcee 100644 --- a/2019/1010xxx/CVE-2019-1010156.json +++ b/2019/1010xxx/CVE-2019-1010156.json 
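Review bot: This record and CVE-2019-1010156 describe the same product, the same weakness, the same impact and the same single reference (`https://youtu.be/BQQbp2vn_wY`); they differ only in `"1.11"` versus `"Firmware 1.11"` and "login" versus "login form". That looks like one issue published under two IDs. It should be confirmed with the assigner, because duplicate IDs split tracking and patch status across two entries. If both are kept, the version should be normalised to `"version_value": "1.11"` in both. A video as the only reference gives a defender nothing durable to verify against, so a vendor advisory or written report should be added when one exists.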
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010156", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DSL-2750U", + "version": { + "version_data": [ + { + "version_value": "Firmware 1.11" + } + ] + } + } + ] + }, + "vendor_name": "D-Link" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DSL-2750U Firmware 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://youtu.be/BQQbp2vn_wY", + "refsource": "MISC", + "name": "https://youtu.be/BQQbp2vn_wY" } ] } diff --git a/2019/1010xxx/CVE-2019-1010162.json b/2019/1010xxx/CVE-2019-1010162.json index 7dec5d7acd7..7aabc22eed0 100644 --- a/2019/1010xxx/CVE-2019-1010162.json +++ b/2019/1010xxx/CVE-2019-1010162.json 
@@ -1,17 +1,64 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010162", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jsi", + "product": { + "product_data": [ + { + "product_name": "jsi", + "version": { + "version_data": [ + { + "version_value": "2.4.74" + }, + { + "version_value": "2.0474 [fixed: 2.4.77]" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://jsish.org/fossil/jsi/tktview/5533c4d665b9683eebe4d662493f15eb911d1c8f", + "url": "https://jsish.org/fossil/jsi/tktview/5533c4d665b9683eebe4d662493f15eb911d1c8f" } ] } diff --git a/2019/1010xxx/CVE-2019-1010169.json b/2019/1010xxx/CVE-2019-1010169.json index ab40e48c3a7..03475345243 100644 --- a/2019/1010xxx/CVE-2019-1010169.json +++ b/2019/1010xxx/CVE-2019-1010169.json 
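Review bot: The second `version_data` entry, `"version_value": "2.0474 [fixed: 2.4.77]"`, mixes an alternate version string with a fix annotation, which automated version matching cannot parse. The fix release is already stated in the description, so `"version_value": "2.4.74"` alone is enough here. The same `[fixed: …]` suffix appears in CVE-2019-1010169, -1010170, -1010171, -1010202, -1010207 and -1010208. This record also names the vendor and product `"jsi"`/`"jsi"`, while the next three records for the same interpreter use `"Jsish"`/`"Jsi"`. One spelling should be used throughout so that product-based lookups return all four.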
@@ -1,17 +1,64 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010169", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jsish", + "product": { + "product_data": [ + { + "product_name": "Jsi", + "version": { + "version_data": [ + { + "version_value": "2.4.77" + }, + { + "version_value": "2.0477 [fixed: 2.4.78]" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexer_getchar (jsiLexer.c:9). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jsish.org/fossil/jsi/tktview/3a069014976f3422d9d96821dc555c8326c02ae3", + "refsource": "MISC", + "name": "https://jsish.org/fossil/jsi/tktview/3a069014976f3422d9d96821dc555c8326c02ae3" } ] } diff --git a/2019/1010xxx/CVE-2019-1010170.json b/2019/1010xxx/CVE-2019-1010170.json index 18fd8a1b851..9617261c991 100644 --- a/2019/1010xxx/CVE-2019-1010170.json +++ b/2019/1010xxx/CVE-2019-1010170.json 
@@ -1,17 +1,64 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010170", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jsish", + "product": { + "product_data": [ + { + "product_name": "Jsi", + "version": { + "version_data": [ + { + "version_value": "2.4.77" + }, + { + "version_value": "2.0477 [fixed: 2.4.78]" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://jsish.org/fossil/jsi/tktview/870f496bb8a707491df8026e2ff78b33a5cf44c1", + "url": "https://jsish.org/fossil/jsi/tktview/870f496bb8a707491df8026e2ff78b33a5cf44c1" } ] } diff --git a/2019/1010xxx/CVE-2019-1010171.json b/2019/1010xxx/CVE-2019-1010171.json index 262c6251b2c..606b0429fb3 100644 --- a/2019/1010xxx/CVE-2019-1010171.json +++ b/2019/1010xxx/CVE-2019-1010171.json 
@@ -1,17 +1,64 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jsish", + "product": { + "product_data": [ + { + "product_name": "Jsi", + "version": { + "version_data": [ + { + "version_value": "2.4.83" + }, + { + "version_value": "2.0483 [fixed: 2.4.84]" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Nullpointer dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://jsish.org/fossil/jsi/tktview/a3026a7c06e0f41af461aa0bc2f7a7e886209390", + "url": "https://jsish.org/fossil/jsi/tktview/a3026a7c06e0f41af461aa0bc2f7a7e886209390" } ] } diff --git a/2019/1010xxx/CVE-2019-1010202.json b/2019/1010xxx/CVE-2019-1010202.json index 35769c1c6dc..9798b50849b 100644 --- a/2019/1010xxx/CVE-2019-1010202.json +++ b/2019/1010xxx/CVE-2019-1010202.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010202", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jeesite", + "version": { + "version_data": [ + { + "version_value": "1.2.7 [fixed: 4.0 and later]" + } + ] + } + } + ] + }, + "vendor_name": "Jeesite" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: convertToModel() function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload a specially crafted xml file. The fixed version is: 4.0 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML External Entity (XXE)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/service/ActProcessService.java", + "refsource": "MISC", + "name": "https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/service/ActProcessService.java" } ] } diff --git a/2019/1010xxx/CVE-2019-1010204.json b/2019/1010xxx/CVE-2019-1010204.json index fa05ad7623f..2d969efca65 100644 --- a/2019/1010xxx/CVE-2019-1010204.json 
+++ b/2019/1010xxx/CVE-2019-1010204.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gold", + "version": { + "version_data": [ + { + "version_value": "gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1)" + } + ] + } + } + ] + }, + "vendor_name": "GNU binutils" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", + "refsource": "MISC", + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765" } ] } diff --git a/2019/1010xxx/CVE-2019-1010205.json b/2019/1010xxx/CVE-2019-1010205.json index 786ec810b53..01df7668520 100644 --- a/2019/1010xxx/CVE-2019-1010205.json +++ b/2019/1010xxx/CVE-2019-1010205.json 
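Review bot: The single `version_value`, `"gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1)"`, packs the product name, a version range and the parent package's range into one free-text string, which is why the description reads "GNU binutils gold gold v1.11-v1.16". I would express the range as two bounded entries using `version_affected` (`">="` with `"1.11"` and `"<="` with `"1.16"`) and keep the binutils mapping in the description. The record also gives no fixed version, so the status of the referenced bug (sourceware id 23765) should be reflected once it is known.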
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "hublin", + "version": { + "version_data": [ + { + "version_value": "latest (commit 72ead897082403126bf8df9264e70f0a9de247ff)" + } + ] + } + } + ] + }, + "vendor_name": "LINAGORA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff) is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file (with a fixed extension) on the server. The component is: A web-view renderer; details here: https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1. The attack vector is: Attacker sends a specially crafted HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1", + "refsource": "MISC", + "name": "https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1" } ] } diff --git a/2019/1010xxx/CVE-2019-1010206.json b/2019/1010xxx/CVE-2019-1010206.json index 93c6aac7a08..9c763cb68f4 100644 --- a/2019/1010xxx/CVE-2019-1010206.json +++ b/2019/1010xxx/CVE-2019-1010206.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Http Request (Apache Cordova Plugin)", + "version": { + "version_data": [ + { + "version_value": "6" + } + ] + } + } + ] + }, + "vendor_name": "OSS" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing SSL certificate validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kevinsawicki/http-request/blob/master/lib/src/main/java/com/github/kevinsawicki/http/HttpRequest.java", + "refsource": "MISC", + "name": "https://github.com/kevinsawicki/http-request/blob/master/lib/src/main/java/com/github/kevinsawicki/http/HttpRequest.java" } ] } diff --git a/2019/1010xxx/CVE-2019-1010207.json b/2019/1010xxx/CVE-2019-1010207.json index c8eecd444da..37c0423855b 100644 --- a/2019/1010xxx/CVE-2019-1010207.json +++ b/2019/1010xxx/CVE-2019-1010207.json 
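Review bot: The affected component is ambiguous. `vendor_name` is `"OSS"` and `product_name` is `"Http Request (Apache Cordova Plugin)"`, but the only reference points at `HttpRequest.java` in the kevinsawicki/http-request repository, which appears to be a standalone Java library. Consumers matching on vendor and product will not be able to tell whether the plugin, the library or both are meant, so the record should name the project that actually ships the code. The reference also targets `blob/master`, so the cited lines can change or vanish; a commit-pinned link would be better. The attack-vector sentence repeats the impact ("certificate spoofing") instead of stating the precondition, presumably a network position between client and server.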
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
 "ID": "CVE-2019-1010207",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pie Register",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.0.15 [fixed: 3.0.16]"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Genetechsolutions"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://seclists.org/bugtraq/2018/Oct/16",
+ "refsource": "MISC",
+ "name": "https://seclists.org/bugtraq/2018/Oct/16"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/149665/wppieregister3015-xss.txt",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/149665/wppieregister3015-xss.txt"
+ },
+ {
+ "url": "https://0day.today/exploit/31255",
+ "refsource": "MISC",
+ "name": "https://0day.today/exploit/31255"
 }
 ]
 }
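Review bot: `"version_value": "3.0.15 [fixed: 3.0.16]"` packs the affected and the fixed version into one free-text string, which version-matching tools cannot compare against an installed version. The description states that 3.0.15 is affected and 3.0.16 is the fix, so the entry could be `"version_value": "3.0.15", "version_affected": "="`, using the same `version_affected` field the Mozilla records in this commit carry, with the fixed version left in the description. The same bracketed pattern is in the CVE-2019-1010208 and CVE-2019-1010209 hunks, and CVE-2019-1010221 has the free-text range "16.0 and earlier", which `"version_affected": "<="` would express.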
diff --git a/2019/1010xxx/CVE-2019-1010208.json b/2019/1010xxx/CVE-2019-1010208.json
index 378d135b254..381168218d5 100644
--- a/2019/1010xxx/CVE-2019-1010208.json
+++ b/2019/1010xxx/CVE-2019-1010208.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
 "ID": "CVE-2019-1010208",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Veracrypt, Truecrypt",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) [fixed: 1.23-Hotfix-1]"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IDRIX, Truecrypt"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The component is: Veracrypt NT Driver (veracrypt.sys). The attack vector is: Locally executed code, IOCTL request to driver. The fixed version is: 1.23-Hotfix-1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/veracrypt/VeraCrypt/commit/f30f9339c9a0b9bbcc6f5ad38804af39db1f479e",
+ "refsource": "MISC",
+ "name": "https://github.com/veracrypt/VeraCrypt/commit/f30f9339c9a0b9bbcc6f5ad38804af39db1f479e"
 }
 ]
 }
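Review bot: This record folds two vendors and two products into single strings (`"vendor_name": "IDRIX, Truecrypt"`, `"product_name": "Veracrypt, Truecrypt"`), so a consumer that keys on vendor or product name will match neither project. `vendor_data` and `product_data` are arrays; one entry per vendor and product, each with its own `version_data`, would state the same facts in a form tools can use. The problem type is recorded as "Buffer Overflow" while the stated impact is disclosure of kernel stack contents, so the classification may deserve a second look against the referenced commit.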
diff --git a/2019/1010xxx/CVE-2019-1010209.json b/2019/1010xxx/CVE-2019-1010209.json
index fe5ba700d6e..b3edbcb4e3e 100644
--- a/2019/1010xxx/CVE-2019-1010209.json
+++ b/2019/1010xxx/CVE-2019-1010209.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
 "ID": "CVE-2019-1010209",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GoURL Wordpress Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.4.13 and earlier [fixed: 1.4.14]"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "GoUrl.io"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload executable file in website. The component is: gourl.php#L5637. The fixed version is: 1.4.14."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.youtube.com/watch?v=K2HElM_ZYu4",
+ "refsource": "MISC",
+ "name": "https://www.youtube.com/watch?v=K2HElM_ZYu4"
+ },
+ {
+ "url": "https://gist.github.com/pouyadarabi/467d3167551fb0712d3264c72db092af",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/pouyadarabi/467d3167551fb0712d3264c72db092af"
+ },
+ {
+ "url": "https://github.com/cryptoapi/Bitcoin-Wordpress-Plugin/blob/8aa17068d7ba31a05f66e0ab2bbb55efb0f60017/gourl.php#L5637",
+ "refsource": "MISC",
+ "name": "https://github.com/cryptoapi/Bitcoin-Wordpress-Plugin/blob/8aa17068d7ba31a05f66e0ab2bbb55efb0f60017/gourl.php#L5637"
 }
 ]
 }
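Review bot: The added description contains the misspelling "unzuthorized" (for "unauthorized") and, unlike the other records from this assigner in the commit, has no attack-vector sentence, so a reader has to open the references to learn how the upload is reached. The problem type is the bare identifier `"value": "CWE-434"`; writing it with the weakness name, `"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"`, lets someone triaging the record see the class without a lookup. The description also names the component only as `gourl.php#L5637`, a line anchor that is meaningful only together with the pinned commit in the third reference.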
diff --git a/2019/1010xxx/CVE-2019-1010221.json b/2019/1010xxx/CVE-2019-1010221.json
index 1350907f639..d32d7d28f0c 100644
--- a/2019/1010xxx/CVE-2019-1010221.json
+++ b/2019/1010xxx/CVE-2019-1010221.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
 "ID": "CVE-2019-1010221",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "LineageOS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "LineageOS"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "LineageOS 16.0 and earlier is affected by: Incorrect Access Control. The impact is: The property checked by `adb root` can also be set in a normal adb shell session. The component is: adb shell (patches to fix this are at https://review.lineageos.org/c/LineageOS/android_system_core/+/234800, https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/234799). The attack vector is: When adb is enabled, and an attacker has physical access, `adb shell setprop service.adb.root 1` allows restarting adb as root."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gist.github.com/zifnab06/e31ad63596b63a95e061bfe1f49ff0a7",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/zifnab06/e31ad63596b63a95e061bfe1f49ff0a7"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11691.json b/2019/11xxx/CVE-2019-11691.json
index 9c7014ff2f5..898ea571293 100644
--- a/2019/11xxx/CVE-2019-11691.json
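Review bot: The two fix links, `https://review.lineageos.org/c/LineageOS/android_system_core/+/234800` and `https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/234799`, appear only inside the description sentence, while `reference_data` holds just the gist. Tooling that collects patch links reads `reference_data`, so both URLs should also be listed there as entries of the same `url` / `refsource` / `name` shape as the existing one. The description additionally records no fixed version, so a reader cannot tell from the record alone which builds carry those patches.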
+++ b/2019/11xxx/CVE-2019-11691.json 
@@ -4,14 +4,96 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11691",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "60.7",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "60.7",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free in XMLHttpRequest"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542465",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542465"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11692.json b/2019/11xxx/CVE-2019-11692.json
index ac9aaf984ed..0ce82f122ae 100644
--- a/2019/11xxx/CVE-2019-11692.json
+++ b/2019/11xxx/CVE-2019-11692.json
@@ -4,14 +4,96 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11692",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "60.7",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "60.7",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free removing listeners in the event listener manager"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544670",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544670"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11693.json b/2019/11xxx/CVE-2019-11693.json
index 191a6135810..7ec85aa8515 100644
--- a/2019/11xxx/CVE-2019-11693.json
+++ b/2019/11xxx/CVE-2019-11693.json
@@ -4,14 +4,96 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11693",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "60.7",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "60.7",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in WebGL bufferdata on Linux"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1532525",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1532525"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11694.json b/2019/11xxx/CVE-2019-11694.json
index fbf4f7e0aad..fffb41bf389 100644
--- a/2019/11xxx/CVE-2019-11694.json
+++ b/2019/11xxx/CVE-2019-11694.json
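Review bot: The added description for CVE-2019-11693 carries Markdown residue: `*Note: this issue only occurs on Linux. Other operating systems are unaffected.*.` keeps the emphasis asterisks and ends with a doubled full stop. The value is consumed as plain text, so it should read `Note: this issue only occurs on Linux. Other operating systems are unaffected.` with a single terminator. The same `*Note: … *.` artefact is in the added descriptions for CVE-2019-11694, CVE-2019-11700, CVE-2019-11701 and CVE-2019-11702. The platform restriction is also stated only in prose, while the `affects` block lists the three products without any qualifier.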
@@ -4,14 +4,96 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11694",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "60.7",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "60.7",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uninitialized memory memory leakage in Windows sandbox"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1534196",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1534196"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11695.json b/2019/11xxx/CVE-2019-11695.json
index 74b516388dc..8d93f653eab 100644
--- a/2019/11xxx/CVE-2019-11695.json
+++ b/2019/11xxx/CVE-2019-11695.json
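Review bot: The problem-type value added for CVE-2019-11694 repeats a word: `"value": "Uninitialized memory memory leakage in Windows sandbox"`. It should read `"value": "Uninitialized memory leakage in Windows sandbox"`. Problem-type strings are what dashboards group and search on, so a stray duplicate splits this record from otherwise identical classifications.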
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11695",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Custom cursor can render over user interface outside of web content"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1445844",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1445844"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. This vulnerability affects Firefox < 67."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11696.json b/2019/11xxx/CVE-2019-11696.json
index 5dbcc12c60c..3b90e6fd600 100644
--- a/2019/11xxx/CVE-2019-11696.json
+++ b/2019/11xxx/CVE-2019-11696.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11696",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Java web start .JNLP files are not recognized as executable files for download prompts"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1392955",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1392955"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Files with the .JNLP extension used for \"Java web start\" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11697.json b/2019/11xxx/CVE-2019-11697.json
index 3539e0604d0..6ffcf979b5e 100644
--- a/2019/11xxx/CVE-2019-11697.json
+++ b/2019/11xxx/CVE-2019-11697.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11697",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Pressing key combinations can bypass installation prompt delays and install extensions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440079",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440079"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "If the ALT and \"a\" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11698.json b/2019/11xxx/CVE-2019-11698.json
index 66962ca85fc..befbe24c5da 100644
--- a/2019/11xxx/CVE-2019-11698.json
+++ b/2019/11xxx/CVE-2019-11698.json
@@ -4,14 +4,96 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11698",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "60.7",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "60.7",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Theft of user history data through drag and drop of hyperlinks to and from bookmarks"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1543191",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1543191"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11699.json b/2019/11xxx/CVE-2019-11699.json
index 97311417ddd..766769a0d61 100644
--- a/2019/11xxx/CVE-2019-11699.json
+++ b/2019/11xxx/CVE-2019-11699.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11699",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect domain name highlighting during page navigation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528939",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528939"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11700.json b/2019/11xxx/CVE-2019-11700.json
index e53c2928c09..609eeeecbc9 100644
--- a/2019/11xxx/CVE-2019-11700.json
+++ b/2019/11xxx/CVE-2019-11700.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11700",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "res: protocol can be used to open known local files"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1549833",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1549833"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11701.json b/2019/11xxx/CVE-2019-11701.json
index d90b567449d..579308adcfe 100644
--- a/2019/11xxx/CVE-2019-11701.json
+++ b/2019/11xxx/CVE-2019-11701.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-11701",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "webcal: protocol default handler loads vulnerable web page"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1518627",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1518627"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.*. This vulnerability affects Firefox < 67."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11702.json b/2019/11xxx/CVE-2019-11702.json
index cb3cc3ea70d..d5aee45daf8 100644
--- a/2019/11xxx/CVE-2019-11702.json
+++ b/2019/11xxx/CVE-2019-11702.json
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67.0.2", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IE protocols can be used to open known local files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-16/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-16/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552627", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552627" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2." } ] } diff --git a/2019/11xxx/CVE-2019-11703.json b/2019/11xxx/CVE-2019-11703.json index 04ecca1a093..0edc7291be7 100644 --- a/2019/11xxx/CVE-2019-11703.json +++ b/2019/11xxx/CVE-2019-11703.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow in icalparser.c" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-17/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-17/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553820", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553820" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1." } ] } diff --git a/2019/11xxx/CVE-2019-11704.json b/2019/11xxx/CVE-2019-11704.json index cad362203cf..5fafd4bec9c 100644 --- a/2019/11xxx/CVE-2019-11704.json +++ b/2019/11xxx/CVE-2019-11704.json 
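Review bot: The `problemtype` value added for CVE-2019-11703 is free text (`Heap buffer overflow in icalparser.c`) with no CWE identifier, so tooling that groups or prioritises records by weakness class cannot classify it. Where the mapping is unambiguous, prefixing the identifier keeps the advisory title and adds the class, e.g. `"value": "CWE-122: Heap buffer overflow in icalparser.c"`. The same holds for the other memory-corruption records in this patch, among them CVE-2019-11704 (heap overflow), CVE-2019-11705 (stack overflow, CWE-121), CVE-2019-11706 and CVE-2019-11707 (type confusion, CWE-843) and CVE-2019-11713 (use-after-free, CWE-416).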
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow in icalvalue.c" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-17/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-17/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553814", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553814" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1." } ] } diff --git a/2019/11xxx/CVE-2019-11705.json b/2019/11xxx/CVE-2019-11705.json index b2281e21860..89036e4c312 100644 --- a/2019/11xxx/CVE-2019-11705.json +++ b/2019/11xxx/CVE-2019-11705.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack buffer overflow in icalrecur.c" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-17/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-17/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553808", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553808" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1." } ] } diff --git a/2019/11xxx/CVE-2019-11706.json b/2019/11xxx/CVE-2019-11706.json index b7dbc4ece6d..d35f8646971 100644 --- a/2019/11xxx/CVE-2019-11706.json +++ b/2019/11xxx/CVE-2019-11706.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type confusion in icalproperty.c" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-17/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-17/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555646", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555646" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1." } ] } diff --git a/2019/11xxx/CVE-2019-11707.json b/2019/11xxx/CVE-2019-11707.json index 67f3e90bbc6..22292379efd 100644 --- a/2019/11xxx/CVE-2019-11707.json +++ b/2019/11xxx/CVE-2019-11707.json 
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.7.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67.0.3", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7.2", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type confusion in Array.pop" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-20/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-20/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-18/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-18/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544386", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544386" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. 
This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2." } ] } diff --git a/2019/11xxx/CVE-2019-11708.json b/2019/11xxx/CVE-2019-11708.json index 097e482a508..7d7cbf123fa 100644 --- a/2019/11xxx/CVE-2019-11708.json +++ b/2019/11xxx/CVE-2019-11708.json 
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.7.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67.0.4", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7.2", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "sandbox escape using Prompt:Open" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-19/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-19/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-20/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-20/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1559858", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1559858" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2." } ] } diff --git a/2019/11xxx/CVE-2019-11709.json b/2019/11xxx/CVE-2019-11709.json index 04e0968369f..239ddf20c3b 100644 --- a/2019/11xxx/CVE-2019-11709.json +++ b/2019/11xxx/CVE-2019-11709.json 
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11709", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use 
it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8." } ] } diff --git a/2019/11xxx/CVE-2019-11710.json b/2019/11xxx/CVE-2019-11710.json index 3717418ae04..a619218f487 100644 --- a/2019/11xxx/CVE-2019-11710.json +++ b/2019/11xxx/CVE-2019-11710.json 
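Review bot: The Bugzilla `buglist.cgi` reference added for CVE-2019-11709 lists bug 1550498 twice in `bug_id`, in both the `url` and `name` members. Either the repeat is redundant and the second `%2C1550498` can be dropped, or it stands in for a different bug that is now missing from the list. This cannot be settled from the hunk, so it should be checked against the referenced advisories before the record is used to track which fixes are covered.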
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 68" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1549768%2C1548611%2C1533842%2C1537692%2C1540590%2C1551907%2C1510345%2C1535482%2C1535848%2C1547472%2C1547760%2C1507696%2C1544180", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1549768%2C1548611%2C1533842%2C1537692%2C1540590%2C1551907%2C1510345%2C1535482%2C1535848%2C1547472%2C1547760%2C1507696%2C1544180" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68." } ] } diff --git a/2019/11xxx/CVE-2019-11711.json b/2019/11xxx/CVE-2019-11711.json index d3cfc3fce62..154dec3ce2f 100644 
--- a/2019/11xxx/CVE-2019-11711.json +++ b/2019/11xxx/CVE-2019-11711.json 
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Script injection within domain through inner window reuse" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552541", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552541" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8." } ] } diff --git a/2019/11xxx/CVE-2019-11712.json b/2019/11xxx/CVE-2019-11712.json index b664a4f6f86..48672144581 100644 --- a/2019/11xxx/CVE-2019-11712.json +++ b/2019/11xxx/CVE-2019-11712.json 
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1543804", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1543804" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8." } ] } diff --git a/2019/11xxx/CVE-2019-11713.json b/2019/11xxx/CVE-2019-11713.json index eb84c55ea6e..762c2d23a17 100644 --- a/2019/11xxx/CVE-2019-11713.json +++ b/2019/11xxx/CVE-2019-11713.json 
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11713", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free with HTTP/2 cached stream" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528481", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528481" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8." } ] } diff --git a/2019/11xxx/CVE-2019-11714.json b/2019/11xxx/CVE-2019-11714.json index 06c2823b39b..eb303227b20 100644 --- a/2019/11xxx/CVE-2019-11714.json +++ b/2019/11xxx/CVE-2019-11714.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11714", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NeckoChild can trigger crash when accessed off of main thread" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542593", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542593" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68." } ] } 
diff --git a/2019/11xxx/CVE-2019-11715.json b/2019/11xxx/CVE-2019-11715.json index 70f943eb2ca..f6f5e003a48 100644 --- a/2019/11xxx/CVE-2019-11715.json +++ b/2019/11xxx/CVE-2019-11715.json 
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTML parsing error can contribute to content XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8." } ] } diff --git a/2019/11xxx/CVE-2019-11716.json b/2019/11xxx/CVE-2019-11716.json index 3624fa03a48..227cf43ff61 100644 --- a/2019/11xxx/CVE-2019-11716.json +++ b/2019/11xxx/CVE-2019-11716.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "globalThis not enumerable until accessed" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552632", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552632" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68." } ] } diff --git a/2019/11xxx/CVE-2019-11717.json b/2019/11xxx/CVE-2019-11717.json index d0e4222d272..a31aea45b49 100644 --- a/2019/11xxx/CVE-2019-11717.json +++ b/2019/11xxx/CVE-2019-11717.json 
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Caret character improperly escaped in origins" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8." } ] } diff --git a/2019/11xxx/CVE-2019-11718.json b/2019/11xxx/CVE-2019-11718.json index 8459ca9e7db..7d622d9d0f8 100644 --- a/2019/11xxx/CVE-2019-11718.json +++ b/2019/11xxx/CVE-2019-11718.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Activity Stream writes unsanitized content to innerHTML" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408349", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408349" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68." } ] } diff --git a/2019/11xxx/CVE-2019-11719.json b/2019/11xxx/CVE-2019-11719.json index f789d993edb..81167ae2790 100644 --- a/2019/11xxx/CVE-2019-11719.json +++ b/2019/11xxx/CVE-2019-11719.json 
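Review bot: The new description for CVE-2019-11718 has two wording errors: "content from sent from", and "Snipper Service", which contradicts "Snippet Service" earlier in the same text. Advisories are searched by component name, so the misspelling can hide this record from anyone looking for the Snippet Service. Suggested wording: `Activity Stream can display content sent from the Snippet Service website.` and `... if the Snippet Service were compromised.` As the record is synchronised from the assigner, the correction likely has to be made in the source advisory as well.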
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read when importing curve25519 private key" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8." } ] } diff --git a/2019/11xxx/CVE-2019-11720.json b/2019/11xxx/CVE-2019-11720.json index 2da745ed7ec..080b62e7abd 100644 --- a/2019/11xxx/CVE-2019-11720.json +++ b/2019/11xxx/CVE-2019-11720.json 
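Review bot: The description for CVE-2019-11719 places the out-of-bounds read in the Network Security Services (NSS) library, but `product_data` lists only Firefox ESR, Firefox and Thunderbird. Anyone matching this record against an inventory of NSS itself (a distribution package, or another application linking it) gets no hit. The record does not say whether standalone NSS releases are affected; if they are, they should appear as a further `product_name` entry with their own fixed version. CVE-2019-11727 in this patch has the same shape: NSS in the description, only Firefox in `affects`. Separately, `PKCS#8format` in the description is missing a space: `PKCS#8 format`.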
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Character encoding XSS vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1556230", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1556230" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68." } ] } diff --git a/2019/11xxx/CVE-2019-11721.json b/2019/11xxx/CVE-2019-11721.json index 0903db36351..69a8b3fdeb3 100644 --- a/2019/11xxx/CVE-2019-11721.json +++ b/2019/11xxx/CVE-2019-11721.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Domain spoofing through unicode latin 'kra' character" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256009", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256009" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68." } ] } diff --git a/2019/11xxx/CVE-2019-11723.json b/2019/11xxx/CVE-2019-11723.json index f419cab5c78..a7d52be57d3 100644 --- a/2019/11xxx/CVE-2019-11723.json +++ b/2019/11xxx/CVE-2019-11723.json 
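Review bot: The second sentence of the CVE-2019-11721 description is missing its subject: "This allows for domain spoofing attacks as do not display as punycode text". That sentence carries the actual condition for the spoofing (the address bar shows the Unicode form instead of punycode), so it needs to be readable. Presumably `as such domains do not display as punycode text` is meant; this should be confirmed against the advisory.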
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cookie leakage during add-on fetching across private browsing boundaries" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528335", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528335" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different \"containers\" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68." } ] } diff --git a/2019/11xxx/CVE-2019-11724.json b/2019/11xxx/CVE-2019-11724.json index 950d370e7ac..0c661d80010 100644 --- a/2019/11xxx/CVE-2019-11724.json +++ b/2019/11xxx/CVE-2019-11724.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Retired site input.mozilla.org has remote troubleshooting permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1512511", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1512511" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68." } ] } diff --git a/2019/11xxx/CVE-2019-11725.json b/2019/11xxx/CVE-2019-11725.json index 3fac3e97bf5..033226f729e 100644 --- a/2019/11xxx/CVE-2019-11725.json +++ b/2019/11xxx/CVE-2019-11725.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Websocket resources bypass safebrowsing protections" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1483510", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1483510" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68." } ] } diff --git a/2019/11xxx/CVE-2019-11727.json b/2019/11xxx/CVE-2019-11727.json index 1b0282dfc93..0f82a3662ef 100644 --- a/2019/11xxx/CVE-2019-11727.json +++ b/2019/11xxx/CVE-2019-11727.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11727", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "PKCS#1 v1.5 signatures can be used for TLS 1.3" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68." } ] } diff --git a/2019/11xxx/CVE-2019-11728.json b/2019/11xxx/CVE-2019-11728.json index e51f0beecbc..d8c1a832655 100644 --- a/2019/11xxx/CVE-2019-11728.json +++ b/2019/11xxx/CVE-2019-11728.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Port scanning through Alt-Svc header" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552993", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552993" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68." } ] } diff --git a/2019/11xxx/CVE-2019-11729.json b/2019/11xxx/CVE-2019-11729.json index 86686188b5b..d4a3642bcee 100644 --- a/2019/11xxx/CVE-2019-11729.json +++ b/2019/11xxx/CVE-2019-11729.json 
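Review bot: The CVE-2019-11728 description reads "any host that the accessible to a user", which leaves the scope of the port scan unclear. Presumably `any host that is accessible to a user` is intended, i.e. hosts reachable from the user's network position rather than only from the malicious site. That distinction matters when assessing exposure of internal networks, so the wording should be confirmed against the advisory and corrected.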
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8." } ] } diff --git a/2019/11xxx/CVE-2019-11730.json b/2019/11xxx/CVE-2019-11730.json index 3a3a379728c..465210f8f4c 100644 --- a/2019/11xxx/CVE-2019-11730.json +++ b/2019/11xxx/CVE-2019-11730.json 
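Review bot: In the CVE-2019-11729 description, "due values being improperly sanitized" is missing a word; `due to values being improperly sanitized` reads correctly. The `problemtype` text names only a segmentation fault, while the description speaks of unsanitized values being copied into memory and used. The record does not say whether the impact is limited to a crash, and a sentence stating that would help triage.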
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Same-origin policy treats all files in a directory as having the same-origin" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1558299", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1558299" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8." } ] } diff --git a/2019/12xxx/CVE-2019-12934.json b/2019/12xxx/CVE-2019-12934.json index 2d44e799589..24171142697 100644 --- a/2019/12xxx/CVE-2019-12934.json +++ b/2019/12xxx/CVE-2019-12934.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://zeroauth.ltd/blog/2019/07/17/cve-2019-12934-wp-code-highlightjs-wordpress-plugin-csrf-leads-to-blog-wide-injected-script-html/", "url": "https://zeroauth.ltd/blog/2019/07/17/cve-2019-12934-wp-code-highlightjs-wordpress-plugin-csrf-leads-to-blog-wide-injected-script-html/" + }, + { + "refsource": "BID", + "name": "109331", + "url": "http://www.securityfocus.com/bid/109331" } ] } diff --git a/2019/9xxx/CVE-2019-9800.json b/2019/9xxx/CVE-2019-9800.json index b8973e6984a..bebab5f5189 100644 --- a/2019/9xxx/CVE-2019-9800.json +++ b/2019/9xxx/CVE-2019-9800.json 
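Review bot: The CVE-2019-11730 description contains "they may uploaded to a server", which drops the verb; `they may be uploaded to a server` is presumably intended. This is the sentence that states the data-exfiltration impact, so it is worth correcting at the source advisory as well as here.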
@@ -1,17 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9800", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9800", + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540166%2C1534593%2C1546327%2C1540136%2C1538736%2C1538042%2C1535612%2C1499719%2C1499108%2C1538619%2C1535194%2C1516325%2C1542324%2C1542097%2C1532465%2C1533554%2C1541580", + "refsource": "MISC", + "name": 
"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540166%2C1534593%2C1546327%2C1540136%2C1538736%2C1538042%2C1535612%2C1499719%2C1499108%2C1538619%2C1535194%2C1516325%2C1542324%2C1542097%2C1532465%2C1533554%2C1541580" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7." } ] } diff --git a/2019/9xxx/CVE-2019-9811.json b/2019/9xxx/CVE-2019-9811.json index 9bd1b3bdb6b..2c404cacefb 100644 --- a/2019/9xxx/CVE-2019-9811.json +++ b/2019/9xxx/CVE-2019-9811.json 
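Review bot: The `problemtype` value added for CVE-2019-9800 is the advisory heading ("Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7") rather than a weakness class. Tools that group or prioritise records by weakness cannot classify it, although the description itself speaks of memory corruption and possible arbitrary code execution. I would have the assigner put a CWE identifier for the memory-corruption class in this field and keep the heading as the advisory title. The CVE-2019-9814 hunk further down does the same with "Memory safety bugs fixed in Firefox 67".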
@@ -1,17 +1,109 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9811", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9811", + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "68", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sandbox escape via installation of malicious language pack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598" + }, + { + "url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=1563327", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8." } ] } diff --git a/2019/9xxx/CVE-2019-9814.json b/2019/9xxx/CVE-2019-9814.json index 380ff58abba..b29acc9b8cf 100644 --- a/2019/9xxx/CVE-2019-9814.json +++ b/2019/9xxx/CVE-2019-9814.json 
@@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9814", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9814", + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 67" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1527592%2C1534536%2C1520132%2C1543159%2C1539393%2C1459932%2C1459182%2C1516425", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1527592%2C1534536%2C1520132%2C1543159%2C1539393%2C1459932%2C1459182%2C1516425" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67." } ] } 
diff --git a/2019/9xxx/CVE-2019-9815.json b/2019/9xxx/CVE-2019-9815.json index 0fa3fc05a68..1d9372e1f5d 100644 --- a/2019/9xxx/CVE-2019-9815.json +++ b/2019/9xxx/CVE-2019-9815.json 
@@ -1,17 +1,104 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9815", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9815", + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Disable hyperthreading on content JavaScript threads on macOS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1546544", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1546544" + }, + { + "url": "https://mdsattacks.com/", + "refsource": "MISC", + "name": "https://mdsattacks.com/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This 
candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7." } ] } diff --git a/2019/9xxx/CVE-2019-9816.json b/2019/9xxx/CVE-2019-9816.json index 2c4ecdc2788..27224f00901 100644 --- a/2019/9xxx/CVE-2019-9816.json +++ b/2019/9xxx/CVE-2019-9816.json 
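Review bot: The `problemtype` value added for CVE-2019-9815, `"Disable hyperthreading on content JavaScript threads on macOS"`, names the mitigation rather than the weakness, so anyone grouping records by problem type gets no usable class for this entry. Going by the record's own description, something like `"value": "Timing side-channel attack when hyperthreading is not disabled on macOS"` would state the issue. The new description also ends its note with Markdown residue and a doubled full stop (`change.*. This vulnerability`). The same `*Note: … *.` pattern appears in the CVE-2019-9816 and CVE-2019-9818 descriptions and reads better as plain `Note: …` text.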
@@ -1,17 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9816", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9816", + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type confusion with object groups and UnboxedObjects" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1536768", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1536768" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7." } ] } diff --git a/2019/9xxx/CVE-2019-9817.json b/2019/9xxx/CVE-2019-9817.json index 05fc6a23c06..c7ef4d7142c 100644 --- a/2019/9xxx/CVE-2019-9817.json +++ b/2019/9xxx/CVE-2019-9817.json 
@@ -1,17 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9817", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9817", + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stealing of cross-domain images using canvas" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1540221", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1540221" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7." } ] } diff --git a/2019/9xxx/CVE-2019-9818.json b/2019/9xxx/CVE-2019-9818.json index 5f2c064628e..a3a47a029d2 100644 --- a/2019/9xxx/CVE-2019-9818.json +++ b/2019/9xxx/CVE-2019-9818.json 
@@ -1,17 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9818", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9818", + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in crash generation server" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542581", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542581" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7." } ] } diff --git a/2019/9xxx/CVE-2019-9819.json b/2019/9xxx/CVE-2019-9819.json index dcec3fbb01b..0df660af75d 100644 --- a/2019/9xxx/CVE-2019-9819.json +++ b/2019/9xxx/CVE-2019-9819.json 
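Review bot: The Windows-only scope of CVE-2019-9818 is stated only in the description prose (`this vulnerability only affects Windows`), while the three `version_data` entries match Thunderbird < 60.7, Firefox < 67 and Firefox ESR < 60.7 on every operating system. Tooling that matches on the `affects` block alone will therefore flag Linux and macOS installs that the description says are unaffected. If the record schema in use allows a platform qualifier on a `version_data` entry, it should be set here; otherwise consumers need to read the description before triaging. CVE-2019-9815 has the same gap for its macOS-specific change.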
@@ -1,17 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9819", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9819", + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Compartment mismatch with fetch API" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1532553", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1532553" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7." } ] } diff --git a/2019/9xxx/CVE-2019-9820.json b/2019/9xxx/CVE-2019-9820.json index 102cc02a0a3..4acc19dfd64 100644 --- a/2019/9xxx/CVE-2019-9820.json +++ b/2019/9xxx/CVE-2019-9820.json 
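Review bot: The new description for CVE-2019-9819 opens with a sentence fragment, `A vulnerability where a JavaScript compartment mismatch can occur …`, which has no main verb. `A JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.` says the same thing as a complete sentence and matches the phrasing of the neighbouring records.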
@@ -1,17 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9820", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9820", + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "60.7", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free of ChromeEventHandler by DocShell" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-15/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-14/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1536405", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1536405" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7." } ] } diff --git a/2019/9xxx/CVE-2019-9821.json b/2019/9xxx/CVE-2019-9821.json index dc7870da82b..b25626143fd 100644 --- a/2019/9xxx/CVE-2019-9821.json +++ b/2019/9xxx/CVE-2019-9821.json 
@@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9821", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9821", + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "67", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in AssertWorkerThread" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2019-13/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539125", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539125" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67." } ] }