exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2019-11761

Status Candidate

Overview

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

Related Files

Ubuntu Security Notice USN-4335-1
Posted Apr 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4335-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2019-11745, CVE-2019-11755, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903, CVE-2019-17005, CVE-2019-17008, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2020-6792, CVE-2020-6794, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
SHA-256 | 5b0f96c8e531ef4c9797c7c8b829d69de481a70cc62c8097c6bd38d1c1677453
Gentoo Linux Security Advisory 202003-10
Posted Mar 14, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-10 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.6.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-11745, CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-20503, CVE-2020-6792, CVE-2020-6793, CVE-2020-6794, CVE-2020-6795, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814
SHA-256 | 2bd6c6d0e9248abe6d1894cda6c23b4295f3ce1bc21529d3a5ffdc34d8150bbd
Ubuntu Security Notice USN-4202-2
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4202-2 - USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2019-11755, CVE-2019-11761, CVE-2019-15903
SHA-256 | 0508b25ed86166d9e8ad492da3dab33c26ea8d976fc0c2aaea774bea64b55912
Debian Security Advisory 4571-1
Posted Nov 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4571-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2019-11755, CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903
SHA-256 | d1da11dc68e0e483876a30896b2795e84ff6d0181f67e226306de8a7caa0ee6d
Red Hat Security Advisory 2019-3756-01
Posted Nov 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3756-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903
SHA-256 | 59bfe19103b4687534079d95b182dc1f8f3e30930f4ee500b46157a6721ebe55
Red Hat Security Advisory 2019-3281-01
Posted Oct 31, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3281-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764
SHA-256 | 332517d0f986e800fddcb6a996bf545ae5876efc4f58467d01626aa54b79518f
Red Hat Security Advisory 2019-3237-01
Posted Oct 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3237-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903
SHA-256 | 6e152cb6de1e407aa24b73531b0f86c2b267e661039302e9f7cebbccf0d21018
Red Hat Security Advisory 2019-3210-01
Posted Oct 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3210-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903
SHA-256 | eab73ea98afa2e510f2453560cb7938674b64634ab997ecd098678cd1b3c6421
Debian Security Advisory 4549-1
Posted Oct 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4549-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, cross-site scripting or denial of service.

tags | advisory, web, denial of service, arbitrary, xss, info disclosure
systems | linux, debian
advisories | CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903
SHA-256 | c2f9b81b56dcc0573ebe0c44438c4c6fe6b00da6af49f7ffbe87d446c4117271
Red Hat Security Advisory 2019-3196-01
Posted Oct 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3196-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764
SHA-256 | e2ccfffa159768e9d2f3a2a7118a2e4a064e605b4c70f890a586cc2c5fe653db
Ubuntu Security Notice USN-4165-1
Posted Oct 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4165-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, bypass content security policy protections, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2018-6156, CVE-2019-11761, CVE-2019-11765, CVE-2019-17002
SHA-256 | d8d93e7f7281e1fc62ec9c0080d0c666f7ade49cab2be3f17aa5d92c5c195214
Red Hat Security Advisory 2019-3193-01
Posted Oct 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3193-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764
SHA-256 | c066b11b51d4b6ada70cb181d5dfb0b130c0429362551b4df1e9ee37addc3307
Slackware Security Advisory - mozilla-firefox Updates
Posted Oct 23, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903
SHA-256 | f7f527b29f8543776ff99d7a6d581ab08d43b05404ef93897f1a7728c884d2f7
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close