admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-23 14:00:51 +00:00
parent 9e469600c2
commit b86805bbb8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
68 changed files with 4344 additions and 298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2019/1010xxx/CVE-2019-1010148.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010148",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zzcms",
"product": {
"product_data": [
{
"product_name": "zzcms",
"version": {
"version_data": [
{
"version_value": "\u2264 8.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code Execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/Lz1y/acd1bfd0cc0e0f53b8f781840e7bf368",
"refsource": "MISC",
"name": "https://gist.github.com/Lz1y/acd1bfd0cc0e0f53b8f781840e7bf368"
}
]
}

56
2019/1010xxx/CVE-2019-1010149.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010149",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zzcms",
"product": {
"product_data": [
{
"product_name": "zzcms",
"version": {
"version_data": [
{
"version_value": "\u2264 8.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Delete to Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/Lz1y/e82eb9cc776e629b9d1874dc689421eb",
"refsource": "MISC",
"name": "https://gist.github.com/Lz1y/e82eb9cc776e629b9d1874dc689421eb"
}
]
}

56
2019/1010xxx/CVE-2019-1010150.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010150",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zzcms",
"product": {
"product_data": [
{
"product_name": "zzcms",
"version": {
"version_data": [
{
"version_value": "\u2264 8.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Delete to Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/Lz1y/7ab529230c43dfc5441ac32dd13e3e5b",
"refsource": "MISC",
"name": "https://gist.github.com/Lz1y/7ab529230c43dfc5441ac32dd13e3e5b"
}
]
}

56
2019/1010xxx/CVE-2019-1010152.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010152",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zzcms",
"product": {
"product_data": [
{
"product_name": "zzcms",
"version": {
"version_data": [
{
"version_value": "\u2264 8.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Delete to Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/Lz1y/cfb2f8179003b91404ad029333508f4c",
"refsource": "MISC",
"name": "https://gist.github.com/Lz1y/cfb2f8179003b91404ad029333508f4c"
}
]
}

56
2019/1010xxx/CVE-2019-1010153.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010153",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zzcms",
"product": {
"product_data": [
{
"product_name": "zzcms",
"version": {
"version_data": [
{
"version_value": "\u2264 8.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sql inject. The component is: zs/subzs.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/Lz1y/31595b060cd6a031896fdf2b3a1273f5",
"refsource": "MISC",
"name": "https://gist.github.com/Lz1y/31595b060cd6a031896fdf2b3a1273f5"
}
]
}

56
2019/1010xxx/CVE-2019-1010155.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010155",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DSL-2750U",
"version": {
"version_data": [
{
"version_value": "1.11"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://youtu.be/BQQbp2vn_wY",
"refsource": "MISC",
"name": "https://youtu.be/BQQbp2vn_wY"
}
]
}

56
2019/1010xxx/CVE-2019-1010156.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010156",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DSL-2750U",
"version": {
"version_data": [
{
"version_value": "Firmware 1.11"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "D-Link DSL-2750U Firmware 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://youtu.be/BQQbp2vn_wY",
"refsource": "MISC",
"name": "https://youtu.be/BQQbp2vn_wY"
}
]
}

59
2019/1010xxx/CVE-2019-1010162.json
View File

@ -1,17 +1,64 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010162",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jsi",
"product": {
"product_data": [
{
"product_name": "jsi",
"version": {
"version_data": [
{
"version_value": "2.4.74"
},
{
"version_value": "2.0474 [fixed: 2.4.77]"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://jsish.org/fossil/jsi/tktview/5533c4d665b9683eebe4d662493f15eb911d1c8f",
"url": "https://jsish.org/fossil/jsi/tktview/5533c4d665b9683eebe4d662493f15eb911d1c8f"
}
]
}

59
2019/1010xxx/CVE-2019-1010169.json
View File

@ -1,17 +1,64 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010169",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jsish",
"product": {
"product_data": [
{
"product_name": "Jsi",
"version": {
"version_data": [
{
"version_value": "2.4.77"
},
{
"version_value": "2.0477 [fixed: 2.4.78]"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexer_getchar (jsiLexer.c:9). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jsish.org/fossil/jsi/tktview/3a069014976f3422d9d96821dc555c8326c02ae3",
"refsource": "MISC",
"name": "https://jsish.org/fossil/jsi/tktview/3a069014976f3422d9d96821dc555c8326c02ae3"
}
]
}

59
2019/1010xxx/CVE-2019-1010170.json
View File

@ -1,17 +1,64 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010170",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jsish",
"product": {
"product_data": [
{
"product_name": "Jsi",
"version": {
"version_data": [
{
"version_value": "2.4.77"
},
{
"version_value": "2.0477 [fixed: 2.4.78]"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://jsish.org/fossil/jsi/tktview/870f496bb8a707491df8026e2ff78b33a5cf44c1",
"url": "https://jsish.org/fossil/jsi/tktview/870f496bb8a707491df8026e2ff78b33a5cf44c1"
}
]
}

59
2019/1010xxx/CVE-2019-1010171.json
View File

@ -1,17 +1,64 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010171",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jsish",
"product": {
"product_data": [
{
"product_name": "Jsi",
"version": {
"version_data": [
{
"version_value": "2.4.83"
},
{
"version_value": "2.0483 [fixed: 2.4.84]"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Nullpointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://jsish.org/fossil/jsi/tktview/a3026a7c06e0f41af461aa0bc2f7a7e886209390",
"url": "https://jsish.org/fossil/jsi/tktview/a3026a7c06e0f41af461aa0bc2f7a7e886209390"
}
]
}

56
2019/1010xxx/CVE-2019-1010202.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010202",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jeesite",
"version": {
"version_data": [
{
"version_value": "1.2.7 [fixed: 4.0 and later]"
}
]
}
}
]
},
"vendor_name": "Jeesite"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: convertToModel() function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload a specially crafted xml file. The fixed version is: 4.0 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/service/ActProcessService.java",
"refsource": "MISC",
"name": "https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/service/ActProcessService.java"
}
]
}

56
2019/1010xxx/CVE-2019-1010204.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010204",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gold",
"version": {
"version_data": [
{
"version_value": "gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1)"
}
]
}
}
]
},
"vendor_name": "GNU binutils"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765"
}
]
}

56
2019/1010xxx/CVE-2019-1010205.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010205",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hublin",
"version": {
"version_data": [
{
"version_value": "latest (commit 72ead897082403126bf8df9264e70f0a9de247ff)"
}
]
}
}
]
},
"vendor_name": "LINAGORA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff) is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file (with a fixed extension) on the server. The component is: A web-view renderer; details here: https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1. The attack vector is: Attacker sends a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1",
"refsource": "MISC",
"name": "https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1"
}
]
}

56
2019/1010xxx/CVE-2019-1010206.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010206",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Http Request (Apache Cordova Plugin)",
"version": {
"version_data": [
{
"version_value": "6"
}
]
}
}
]
},
"vendor_name": "OSS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing SSL certificate validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/kevinsawicki/http-request/blob/master/lib/src/main/java/com/github/kevinsawicki/http/HttpRequest.java",
"refsource": "MISC",
"name": "https://github.com/kevinsawicki/http-request/blob/master/lib/src/main/java/com/github/kevinsawicki/http/HttpRequest.java"
}
]
}

66
2019/1010xxx/CVE-2019-1010207.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010207",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pie Register",
"version": {
"version_data": [
{
"version_value": "3.0.15 [fixed: 3.0.16]"
}
]
}
}
]
},
"vendor_name": "Genetechsolutions"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/bugtraq/2018/Oct/16",
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2018/Oct/16"
},
{
"url": "https://packetstormsecurity.com/files/149665/wppieregister3015-xss.txt",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/149665/wppieregister3015-xss.txt"
},
{
"url": "https://0day.today/exploit/31255",
"refsource": "MISC",
"name": "https://0day.today/exploit/31255"
}
]
}

56
2019/1010xxx/CVE-2019-1010208.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010208",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Veracrypt, Truecrypt",
"version": {
"version_data": [
{
"version_value": "Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) [fixed: 1.23-Hotfix-1]"
}
]
}
}
]
},
"vendor_name": "IDRIX, Truecrypt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The component is: Veracrypt NT Driver (veracrypt.sys). The attack vector is: Locally executed code, IOCTL request to driver. The fixed version is: 1.23-Hotfix-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/veracrypt/VeraCrypt/commit/f30f9339c9a0b9bbcc6f5ad38804af39db1f479e",
"refsource": "MISC",
"name": "https://github.com/veracrypt/VeraCrypt/commit/f30f9339c9a0b9bbcc6f5ad38804af39db1f479e"
}
]
}

66
2019/1010xxx/CVE-2019-1010209.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GoURL Wordpress Plugin",
"version": {
"version_data": [
{
"version_value": "1.4.13 and earlier [fixed: 1.4.14]"
}
]
}
}
]
},
"vendor_name": "GoUrl.io"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload executable file in website. The component is: gourl.php#L5637. The fixed version is: 1.4.14."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.youtube.com/watch?v=K2HElM_ZYu4",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=K2HElM_ZYu4"
},
{
"url": "https://gist.github.com/pouyadarabi/467d3167551fb0712d3264c72db092af",
"refsource": "MISC",
"name": "https://gist.github.com/pouyadarabi/467d3167551fb0712d3264c72db092af"
},
{
"url": "https://github.com/cryptoapi/Bitcoin-Wordpress-Plugin/blob/8aa17068d7ba31a05f66e0ab2bbb55efb0f60017/gourl.php#L5637",
"refsource": "MISC",
"name": "https://github.com/cryptoapi/Bitcoin-Wordpress-Plugin/blob/8aa17068d7ba31a05f66e0ab2bbb55efb0f60017/gourl.php#L5637"
}
]
}

56
2019/1010xxx/CVE-2019-1010221.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010221",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LineageOS",
"version": {
"version_data": [
{
"version_value": "16.0 and earlier"
}
]
}
}
]
},
"vendor_name": "LineageOS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LineageOS 16.0 and earlier is affected by: Incorrect Access Control. The impact is: The property checked by `adb root` can also be set in a normal adb shell session. The component is: adb shell (patches to fix this are at https://review.lineageos.org/c/LineageOS/android_system_core/+/234800, https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/234799). The attack vector is: When adb is enabled, and an attacker has physical access, `adb shell setprop service.adb.root 1` allows restarting adb as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/zifnab06/e31ad63596b63a95e061bfe1f49ff0a7",
"refsource": "MISC",
"name": "https://gist.github.com/zifnab06/e31ad63596b63a95e061bfe1f49ff0a7"
}
]
}

88
2019/11xxx/CVE-2019-11691.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free in XMLHttpRequest"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542465",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542465"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

88
2019/11xxx/CVE-2019-11692.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free removing listeners in the event listener manager"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544670",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544670"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

88
2019/11xxx/CVE-2019-11693.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11693",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow in WebGL bufferdata on Linux"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1532525",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1532525"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

88
2019/11xxx/CVE-2019-11694.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11694",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uninitialized memory memory leakage in Windows sandbox"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1534196",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1534196"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

56
2019/11xxx/CVE-2019-11695.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11695",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Custom cursor can render over user interface outside of web content"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1445844",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1445844"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. This vulnerability affects Firefox < 67."
}
]
}

56
2019/11xxx/CVE-2019-11696.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11696",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Java web start .JNLP files are not recognized as executable files for download prompts"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1392955",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1392955"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Files with the .JNLP extension used for \"Java web start\" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67."
}
]
}

56
2019/11xxx/CVE-2019-11697.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11697",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pressing key combinations can bypass installation prompt delays and install extensions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440079",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440079"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If the ALT and \"a\" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67."
}
]
}

88
2019/11xxx/CVE-2019-11698.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11698",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Theft of user history data through drag and drop of hyperlinks to and from bookmarks"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1543191",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1543191"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

56
2019/11xxx/CVE-2019-11699.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11699",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect domain name highlighting during page navigation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528939",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528939"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67."
}
]
}

56
2019/11xxx/CVE-2019-11700.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "res: protocol can be used to open known local files"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1549833",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1549833"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67."
}
]
}

56
2019/11xxx/CVE-2019-11701.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11701",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "webcal: protocol default handler loads vulnerable web page"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1518627",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1518627"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.*. This vulnerability affects Firefox < 67."
}
]
}

56
2019/11xxx/CVE-2019-11702.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11702",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67.0.2",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IE protocols can be used to open known local files"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-16/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-16/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552627",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552627"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2."
}
]
}

56
2019/11xxx/CVE-2019-11703.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11703",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7.1",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow in icalparser.c"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-17/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553820",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553820"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1."
}
]
}

56
2019/11xxx/CVE-2019-11704.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7.1",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow in icalvalue.c"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-17/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553814",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553814"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1."
}
]
}

56
2019/11xxx/CVE-2019-11705.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7.1",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow in icalrecur.c"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-17/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553808",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553808"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1."
}
]
}

56
2019/11xxx/CVE-2019-11706.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7.1",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type confusion in icalproperty.c"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-17/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-17/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555646",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555646"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1."
}
]
}

83
2019/11xxx/CVE-2019-11707.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11707",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7.1",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67.0.3",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7.2",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type confusion in Array.pop"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-20/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-18/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544386",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544386"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2."
}
]
}

83
2019/11xxx/CVE-2019-11708.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11708",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7.2",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67.0.4",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7.2",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "sandbox escape using Prompt:Open"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-19/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-19/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-20/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-20/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1559858",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1559858"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2."
}
]
}

88
2019/11xxx/CVE-2019-11709.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11709",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1547266%2C1540759%2C1548822%2C1550498%2C1515052%2C1539219%2C1547757%2C1550498%2C1533522"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
}
]
}

56
2019/11xxx/CVE-2019-11710.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11710",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 68"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1549768%2C1548611%2C1533842%2C1537692%2C1540590%2C1551907%2C1510345%2C1535482%2C1535848%2C1547472%2C1547760%2C1507696%2C1544180",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1549768%2C1548611%2C1533842%2C1537692%2C1540590%2C1551907%2C1510345%2C1535482%2C1535848%2C1547472%2C1547760%2C1507696%2C1544180"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68."
}
]
}

88
2019/11xxx/CVE-2019-11711.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11711",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script injection within domain through inner window reuse"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552541",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552541"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
}
]
}

88
2019/11xxx/CVE-2019-11712.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11712",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1543804",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1543804"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
}
]
}

88
2019/11xxx/CVE-2019-11713.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11713",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free with HTTP/2 cached stream"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528481",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528481"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
}
]
}

56
2019/11xxx/CVE-2019-11714.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11714",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NeckoChild can trigger crash when accessed off of main thread"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542593",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542593"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68."
}
]
}

88
2019/11xxx/CVE-2019-11715.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11715",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTML parsing error can contribute to content XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
}
]
}

56
2019/11xxx/CVE-2019-11716.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11716",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "globalThis not enumerable until accessed"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552632",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552632"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68."
}
]
}

88
2019/11xxx/CVE-2019-11717.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11717",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Caret character improperly escaped in origins"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
}
]
}

56
2019/11xxx/CVE-2019-11718.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11718",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Activity Stream writes unsanitized content to innerHTML"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408349",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408349"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68."
}
]
}

88
2019/11xxx/CVE-2019-11719.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11719",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read when importing curve25519 private key"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
}
]
}

56
2019/11xxx/CVE-2019-11720.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11720",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Character encoding XSS vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1556230",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1556230"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68."
}
]
}

56
2019/11xxx/CVE-2019-11721.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11721",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Domain spoofing through unicode latin 'kra' character"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256009",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256009"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68."
}
]
}

56
2019/11xxx/CVE-2019-11723.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11723",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cookie leakage during add-on fetching across private browsing boundaries"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528335",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1528335"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different \"containers\" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68."
}
]
}

56
2019/11xxx/CVE-2019-11724.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11724",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Retired site input.mozilla.org has remote troubleshooting permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1512511",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1512511"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68."
}
]
}

56
2019/11xxx/CVE-2019-11725.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11725",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Websocket resources bypass safebrowsing protections"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1483510",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1483510"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68."
}
]
}

56
2019/11xxx/CVE-2019-11727.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11727",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PKCS#1 v1.5 signatures can be used for TLS 1.3"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68."
}
]
}

56
2019/11xxx/CVE-2019-11728.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11728",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Port scanning through Alt-Svc header"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552993",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1552993"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68."
}
]
}

88
2019/11xxx/CVE-2019-11729.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11729",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
}
]
}

88
2019/11xxx/CVE-2019-11730.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11730",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Same-origin policy treats all files in a directory as having the same-origin"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1558299",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1558299"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
}
]
}

5
2019/12xxx/CVE-2019-12934.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://zeroauth.ltd/blog/2019/07/17/cve-2019-12934-wp-code-highlightjs-wordpress-plugin-csrf-leads-to-blog-wide-injected-script-html/",
"url": "https://zeroauth.ltd/blog/2019/07/17/cve-2019-12934-wp-code-highlightjs-wordpress-plugin-csrf-leads-to-blog-wide-injected-script-html/"
},
{
"refsource": "BID",
"name": "109331",
"url": "http://www.securityfocus.com/bid/109331"
}
]
}

96
2019/9xxx/CVE-2019-9800.json
View File

@ -1,17 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9800",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9800",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540166%2C1534593%2C1546327%2C1540136%2C1538736%2C1538042%2C1535612%2C1499719%2C1499108%2C1538619%2C1535194%2C1516325%2C1542324%2C1542097%2C1532465%2C1533554%2C1541580",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540166%2C1534593%2C1546327%2C1540136%2C1538736%2C1538042%2C1535612%2C1499719%2C1499108%2C1538619%2C1535194%2C1516325%2C1542324%2C1542097%2C1532465%2C1533554%2C1541580"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

106
2019/9xxx/CVE-2019-9811.json
View File

@ -1,17 +1,109 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9811",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9811",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "68",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.8",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sandbox escape via installation of malicious language pack"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
}
]
}

64
2019/9xxx/CVE-2019-9814.json
View File

@ -1,17 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9814",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9814",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 67"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1527592%2C1534536%2C1520132%2C1543159%2C1539393%2C1459932%2C1459182%2C1516425",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1527592%2C1534536%2C1520132%2C1543159%2C1539393%2C1459932%2C1459182%2C1516425"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67."
}
]
}

101
2019/9xxx/CVE-2019-9815.json
View File

@ -1,17 +1,104 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9815",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9815",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Disable hyperthreading on content JavaScript threads on macOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1546544",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1546544"
},
{
"url": "https://mdsattacks.com/",
"refsource": "MISC",
"name": "https://mdsattacks.com/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

96
2019/9xxx/CVE-2019-9816.json
View File

@ -1,17 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9816",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9816",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type confusion with object groups and UnboxedObjects"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1536768",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1536768"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

96
2019/9xxx/CVE-2019-9817.json
View File

@ -1,17 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9817",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9817",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stealing of cross-domain images using canvas"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1540221",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1540221"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

96
2019/9xxx/CVE-2019-9818.json
View File

@ -1,17 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9818",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9818",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free in crash generation server"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542581",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542581"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

96
2019/9xxx/CVE-2019-9819.json
View File

@ -1,17 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9819",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9819",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Compartment mismatch with fetch API"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1532553",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1532553"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

96
2019/9xxx/CVE-2019-9820.json
View File

@ -1,17 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9820",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9820",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "60.7",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free of ChromeEventHandler by DocShell"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-15/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-14/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-14/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1536405",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1536405"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
}
]
}

64
2019/9xxx/CVE-2019-9821.json
View File

@ -1,17 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9821",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9821",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "67",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free in AssertWorkerThread"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-13/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2019-13/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539125",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539125"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67."
}
]
}