This is a full browser compromise exploit chain targeting Mozilla Firefox on Windows 64-bit. It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 to trick the parent process into browsing to an arbitrary URL.
9b6b4e57729b361dc8c968a497ed828d4104708a0de054bdc98f0d4df499c7d5Red Hat Security Advisory 2019-1144-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.
2e873f9b26d8e4c7304825179187434790568c35c75ee863e08b370cc309fa93Red Hat Security Advisory 2019-0966-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Issues addressed include a use-after-free vulnerability.
ffaa4285ea0b86a7be83080eb435738e399a2851b88b2578de2b6ff86832514aGentoo Linux Security Advisory 201904-7 - Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. Versions less than 60.6.1 are affected.
ec2b4c986dbf5c17d16fcedf5271919bfa322a9fb6071ad4b87d3415b399efbcUbuntu Security Notice 3927-1 - It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
31f9c116262cfb79aaf7ecac00f1cfd19e6694e7443bd751ab7e498952c674a7Red Hat Security Advisory 2019-0681-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.
a1486c6e1fe457cdd37294b00bcfd9666818f80098ec3078a42437a5b36b64b0Red Hat Security Advisory 2019-0680-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.
a3960d8852a7b0389942bc12f66d26ac8c372453dd98cd9423aa0334c3c9745aRed Hat Security Advisory 2019-0672-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR.
a66e07d0056a772de65564f6604eb67706b5f09c2226b7789a271c9c481ea630Red Hat Security Advisory 2019-0671-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR.
5384e9fcb533149326a741c9c1a106aee3dd186a89e17054dc29950e438e6d53Firefox versions prior to 66.0.1 suffer from an Array.prototype.slice buffer overflow vulnerability.
851f7c03bad5c91e3b04bd52dc421d3831d299b9eb32ac1821c4fb8780f1404eUbuntu Security Notice 3919-1 - Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.
ecb14fcd081b173399f246fce8890179bcb0a41de018aa2cecf0b53f8006c215Debian Linux Security Advisory 4417-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
5e827118d4314ce38b8836b0d62ca89321473ccc11177fb9d6e74b7283c8566aSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
66af6d11ff1524600d3da7dd5b27b137b12a933dc70ed079ecfcc9f2d8333f71
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed