Mozilla Firefox version 67 Array.pop JIT type confusion exploit with sandbox escape.
ea77bcb04a25a270665e987ce8e0f9878c2f6fe16545ba359cd08d31ae8178abThis is a full browser compromise exploit chain targeting Mozilla Firefox on Windows 64-bit. It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 to trick the parent process into browsing to an arbitrary URL.
9b6b4e57729b361dc8c968a497ed828d4104708a0de054bdc98f0d4df499c7d5Gentoo Linux Security Advisory 201908-12 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 60.8.0 are affected.
9c1b71d78a94d040a45e2a38d652fada76b7a84a057a50826157ff452c810ac7Red Hat Security Advisory 2019-1696-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Issues addressed include type confusion and sandbox escape vulnerabilities.
6868d88de09c5062976837f949eef83757cfd8e7bd5b0903c21f69b9b80981edUbuntu Security Notice 4045-1 - A type confusion bug was discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbitrary code. It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. Various other issues were also addressed.
aa2a3d5a29ffb6eaa26e48d80b587fa95ee89cdc07e1e1255730f2aedfbf81c0Debian Linux Security Advisory 4474-1 - A sandbox escape was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code if combined with additional vulnerabilities.
2876177e4f22f8a7f7ffa473de1a724907b5f34b96539d7f9dd90ad6a8aa6c7eRed Hat Security Advisory 2019-1626-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.
8b9b8d6cf3822cc19ee197bca2a176146e339b89f859f9e5e5358cb75d1c8c64Red Hat Security Advisory 2019-1623-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.
a862b1d7e05af64177914350e809feb8d4aba2124b6e1b3bbfc12c843966458eRed Hat Security Advisory 2019-1624-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Issues addressed include a buffer overflow vulnerability.
a32ac12e95b7d4d2133ede322d4ddb074852b0bb68a2a054b2117624ff9845bbRed Hat Security Advisory 2019-1603-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR.
1c3f2ab92856bea753598266e0cc7112742e48a1357ca4f5bcdf1245036a66c2Red Hat Security Advisory 2019-1604-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR.
efd19650a5c49f811bbd4c75bac4c43febd3026a5a92342fc9aa1c76b748f966Debian Linux Security Advisory 4471-1 - Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read.
4efa717e1288d15a4d933ab0a6403d42fc7d8662286f3a6e0d8b5818ccf16912Ubuntu Security Notice 4032-1 - It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code.
cd8ca7fe3ccaf00cdf3dfc9530b3270fc8e08916ef3075cbfc3c15f9bdf7a79fSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.
add5ad3d3c6c79a4ce2b1532f6867b86792f90cc9a71d0b6e4f832b2af955b62
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed