VulnerableCode Package Details - pkg:alpm/archlinux/firefox@66.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-8rq6-26hu-m3gz Aliases: CVE-2019-9813	Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.	66.0.1-1 Affected by 0 other vulnerabilities.
VCID-sk9f-516d-xqh7 Aliases: CVE-2019-9810	Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.	66.0.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-8rq6-26hu-m3gz
Aliases:
CVE-2019-9813

Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.

66.0.1-1
Affected by 0 other vulnerabilities.

VCID-sk9f-516d-xqh7
Aliases:
CVE-2019-9810

Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.

66.0.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-23v6-x6d6-buca	A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption.	CVE-2019-9805
VCID-4555-zn45-mfd8	A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack.	CVE-2019-9806
VCID-7aua-26jh-y3cr	Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions.	CVE-2019-9799
VCID-7yw2-2r4n-rugg	Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.	CVE-2019-9790
VCID-a2k9-85qx-u7cy	Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.	CVE-2019-9788
VCID-bxng-uq7z-hubn	The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources.	CVE-2019-9803
VCID-drcd-xhd2-27hn	Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.	CVE-2019-9793
VCID-f2z3-egzk-efgj	If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission.	CVE-2019-9808
VCID-g45q-v1td-9qcz	If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data.	CVE-2019-9802
VCID-gyt6-vfya-pueg	When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks.	CVE-2019-9807
VCID-rhzx-ha7x-dfew	Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.	CVE-2019-9791
VCID-t1cv-pb54-xyge	Mozilla developers and community members Dragana Damjanovic, Emilio Cobos Álvarez, Henri Sivonen, Narcis Beleuzu, Julian Seward, Marcia Knous, Gary Kwong, Tyson Smith, Yaron Tausky, Ronald Crane, and André Bargull reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.	CVE-2019-9789
VCID-tff1-6wkz-jyar	Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.	CVE-2019-9797
VCID-vrvn-krwb-d3dr	Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.	CVE-2019-9795
VCID-wwck-cpa8-y3c5	Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.	CVE-2019-9792
VCID-x4sm-zyc1-ffd4	Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.	CVE-2019-9796
VCID-zcdh-q78g-x7gr	If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack.	CVE-2019-9809

Vulnerability

Summary

Aliases

VCID-23v6-x6d6-buca

A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption.

CVE-2019-9805

VCID-4555-zn45-mfd8

A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack.

CVE-2019-9806

VCID-7aua-26jh-y3cr

Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions.

CVE-2019-9799

VCID-7yw2-2r4n-rugg

Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.

CVE-2019-9790

VCID-a2k9-85qx-u7cy

Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.

CVE-2019-9788

VCID-bxng-uq7z-hubn

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources.

CVE-2019-9803

VCID-drcd-xhd2-27hn

Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.

CVE-2019-9793

VCID-f2z3-egzk-efgj

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission.

CVE-2019-9808

VCID-g45q-v1td-9qcz

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data.

CVE-2019-9802

VCID-gyt6-vfya-pueg

When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks.

CVE-2019-9807

VCID-rhzx-ha7x-dfew

Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.

CVE-2019-9791

VCID-t1cv-pb54-xyge

Mozilla developers and community members Dragana Damjanovic, Emilio Cobos Álvarez, Henri Sivonen, Narcis Beleuzu, Julian Seward, Marcia Knous, Gary Kwong, Tyson Smith, Yaron Tausky, Ronald Crane, and André Bargull reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

CVE-2019-9789

VCID-tff1-6wkz-jyar

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.

CVE-2019-9797

VCID-vrvn-krwb-d3dr

Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.

CVE-2019-9795

VCID-wwck-cpa8-y3c5

Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.

CVE-2019-9792

VCID-x4sm-zyc1-ffd4

Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code.

CVE-2019-9796

VCID-zcdh-q78g-x7gr

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack.

CVE-2019-9809

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-07T13:59:08.624319+00:00	Arch Linux Importer	Fixing	VCID-a2k9-85qx-u7cy	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.612609+00:00	Arch Linux Importer	Fixing	VCID-t1cv-pb54-xyge	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.600112+00:00	Arch Linux Importer	Fixing	VCID-7yw2-2r4n-rugg	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.588397+00:00	Arch Linux Importer	Fixing	VCID-rhzx-ha7x-dfew	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.576443+00:00	Arch Linux Importer	Fixing	VCID-wwck-cpa8-y3c5	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.564518+00:00	Arch Linux Importer	Fixing	VCID-drcd-xhd2-27hn	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.551488+00:00	Arch Linux Importer	Fixing	VCID-vrvn-krwb-d3dr	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.529683+00:00	Arch Linux Importer	Fixing	VCID-x4sm-zyc1-ffd4	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.496944+00:00	Arch Linux Importer	Fixing	VCID-tff1-6wkz-jyar	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.484893+00:00	Arch Linux Importer	Fixing	VCID-7aua-26jh-y3cr	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.470540+00:00	Arch Linux Importer	Fixing	VCID-g45q-v1td-9qcz	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.458588+00:00	Arch Linux Importer	Fixing	VCID-bxng-uq7z-hubn	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.446956+00:00	Arch Linux Importer	Fixing	VCID-23v6-x6d6-buca	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.432671+00:00	Arch Linux Importer	Fixing	VCID-4555-zn45-mfd8	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.418301+00:00	Arch Linux Importer	Fixing	VCID-gyt6-vfya-pueg	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.401775+00:00	Arch Linux Importer	Fixing	VCID-f2z3-egzk-efgj	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.387282+00:00	Arch Linux Importer	Fixing	VCID-zcdh-q78g-x7gr	https://security.archlinux.org/AVG-925	38.1.0
2026-04-07T13:59:08.373016+00:00	Arch Linux Importer	Affected by	VCID-sk9f-516d-xqh7	https://security.archlinux.org/AVG-930	38.1.0
2026-04-07T13:59:08.358970+00:00	Arch Linux Importer	Affected by	VCID-8rq6-26hu-m3gz	https://security.archlinux.org/AVG-930	38.1.0
2026-04-01T18:24:30.981776+00:00	Arch Linux Importer	Fixing	VCID-a2k9-85qx-u7cy	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.957892+00:00	Arch Linux Importer	Fixing	VCID-t1cv-pb54-xyge	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.933979+00:00	Arch Linux Importer	Fixing	VCID-7yw2-2r4n-rugg	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.911031+00:00	Arch Linux Importer	Fixing	VCID-rhzx-ha7x-dfew	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.885051+00:00	Arch Linux Importer	Fixing	VCID-wwck-cpa8-y3c5	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.860791+00:00	Arch Linux Importer	Fixing	VCID-drcd-xhd2-27hn	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.836306+00:00	Arch Linux Importer	Fixing	VCID-vrvn-krwb-d3dr	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.813169+00:00	Arch Linux Importer	Fixing	VCID-x4sm-zyc1-ffd4	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.788170+00:00	Arch Linux Importer	Fixing	VCID-tff1-6wkz-jyar	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.763196+00:00	Arch Linux Importer	Fixing	VCID-7aua-26jh-y3cr	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.740482+00:00	Arch Linux Importer	Fixing	VCID-g45q-v1td-9qcz	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.715098+00:00	Arch Linux Importer	Fixing	VCID-bxng-uq7z-hubn	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.689734+00:00	Arch Linux Importer	Fixing	VCID-23v6-x6d6-buca	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.663635+00:00	Arch Linux Importer	Fixing	VCID-4555-zn45-mfd8	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.640658+00:00	Arch Linux Importer	Fixing	VCID-gyt6-vfya-pueg	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.616669+00:00	Arch Linux Importer	Fixing	VCID-f2z3-egzk-efgj	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.591319+00:00	Arch Linux Importer	Fixing	VCID-zcdh-q78g-x7gr	https://security.archlinux.org/AVG-925	38.0.0
2026-04-01T18:24:30.336622+00:00	Arch Linux Importer	Affected by	VCID-sk9f-516d-xqh7	https://security.archlinux.org/AVG-930	38.0.0
2026-04-01T18:24:30.312177+00:00	Arch Linux Importer	Affected by	VCID-8rq6-26hu-m3gz	https://security.archlinux.org/AVG-930	38.0.0

2026-04-07T13:59:08.624319+00:00

Arch Linux Importer

Fixing

Next non-vulnerable version	66.0.1-1
Latest non-vulnerable version	101.0-1
Risk	10.0