Mozilla Firefox version 67 Array.pop JIT type confusion exploit with sandbox escape.
ea77bcb04a25a270665e987ce8e0f9878c2f6fe16545ba359cd08d31ae8178ab
This is a full browser compromise exploit chain targeting Mozilla Firefox on Windows 64-bit. It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 to trick the parent process into browsing to an arbitrary URL.
9b6b4e57729b361dc8c968a497ed828d4104708a0de054bdc98f0d4df499c7d5
The NTFS driver supports a new FS control code to set a mount point which the existing sandbox mitigation doesn't support allowing a sandboxed application to set an arbitrary mount point symbolic link.
5e9c5121a127979454b72fcbedbeaf8818d0f391241fc1114f924d8d9e628a56
Gentoo Linux Security Advisory 201908-20 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 60.8.0 are affected.
82247292a5a89d4970f5b857f57386823ecdf480b9bfb07d6b1153f2b435c3fa
Gentoo Linux Security Advisory 201908-12 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 60.8.0 are affected.
9c1b71d78a94d040a45e2a38d652fada76b7a84a057a50826157ff452c810ac7
Ubuntu Security Notice 4064-1 - A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting attacks, spoof origin attributes, or execute arbitrary code. Various other issues were also addressed.
d8bb2d36469cca9788e2761790b4d38cd8c92d475841dd30ce09db715d30ac1e
Red Hat Security Advisory 2019-1799-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
c12cee99bf0a65707b0961c6d9fd53170af421ed97528139f98de3e55740e01f
Debian Linux Security Advisory 4482-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
69c08ed8e390352134d4e82107d271ecf374e44e67e179253d8ed85a27bb2c5c
Red Hat Security Advisory 2019-1777-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
ded784e6b90862954f145c1efb4dfc722d729e15ce361cac0bf44b2f60382523
Red Hat Security Advisory 2019-1775-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
1e7c25d77690089f3f49e76d127be073424e1d90116b742f6b339c94ab914f46
Ubuntu Security Notice 4054-1 - A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. Various other issues were also addressed.
efed5f9ddc3684e7f863dc8438c5a72e1a0114838f1748ce7426e214fd501234
Debian Linux Security Advisory 4479-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
4787823e0c09d05400e7a707e0726a8e7e912bf644dadb7904a67a608c966456
Red Hat Security Advisory 2019-1763-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross site scripting and use-after-free vulnerabilities.
8816b0144ad4343383afa8284e26adb7629a9a83576574f817a6bf1a2e2913fb
Red Hat Security Advisory 2019-1764-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross site scripting and use-after-free vulnerabilities.
768ed693e7c74e2676640e607e6a355752c46fd0c9afc506d38cf2e57716a098
Red Hat Security Advisory 2019-1765-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross site scripting and use-after-free vulnerabilities.
10fbe456c3e1222603940b5e1903cc74ff34bee81fe01285919838a4aa3be261
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
4212bb26bd9ce93bc78d4a496fe33e72e013d31ce77b01561cd63c75f082fb92
Red Hat Security Advisory 2019-1696-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Issues addressed include type confusion and sandbox escape vulnerabilities.
6868d88de09c5062976837f949eef83757cfd8e7bd5b0903c21f69b9b80981ed
Ubuntu Security Notice 4045-1 - A type confusion bug was discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbitrary code. It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. Various other issues were also addressed.
aa2a3d5a29ffb6eaa26e48d80b587fa95ee89cdc07e1e1255730f2aedfbf81c0
Debian Linux Security Advisory 4474-1 - A sandbox escape was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code if combined with additional vulnerabilities.
2876177e4f22f8a7f7ffa473de1a724907b5f34b96539d7f9dd90ad6a8aa6c7e
Red Hat Security Advisory 2019-1626-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.
8b9b8d6cf3822cc19ee197bca2a176146e339b89f859f9e5e5358cb75d1c8c64
Red Hat Security Advisory 2019-1623-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.
a862b1d7e05af64177914350e809feb8d4aba2124b6e1b3bbfc12c843966458e
Red Hat Security Advisory 2019-1624-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.
a32ac12e95b7d4d2133ede322d4ddb074852b0bb68a2a054b2117624ff9845bb
Red Hat Security Advisory 2019-1603-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR.
1c3f2ab92856bea753598266e0cc7112742e48a1357ca4f5bcdf1245036a66c2
Red Hat Security Advisory 2019-1604-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR.
efd19650a5c49f811bbd4c75bac4c43febd3026a5a92342fc9aa1c76b748f966
Debian Linux Security Advisory 4471-1 - Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read.
4efa717e1288d15a4d933ab0a6403d42fc7d8662286f3a6e0d8b5818ccf16912