Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2020-01-08 CVE-2019-17012 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2.
network
low complexity
mozilla opensuse canonical CWE-787
8.8
2020-01-08 CVE-2019-17011 Race Condition vulnerability in multiple products
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash.
network
high complexity
mozilla opensuse canonical CWE-362
7.5
2020-01-08 CVE-2019-17010 Race Condition vulnerability in multiple products
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.
network
high complexity
mozilla opensuse canonical CWE-362
7.5
2020-01-08 CVE-2019-17005 Out-of-bounds Write vulnerability in multiple products
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla opensuse canonical CWE-787
8.8
2020-01-08 CVE-2019-11764 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1.
network
low complexity
mozilla canonical CWE-787
8.8
2020-01-08 CVE-2019-11763 Cross-site Scripting vulnerability in multiple products
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities.
network
low complexity
mozilla canonical CWE-79
6.1
2020-01-08 CVE-2019-11762 Origin Validation Error vulnerability in multiple products
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.
network
low complexity
mozilla canonical CWE-346
6.1
2020-01-08 CVE-2019-11761 Missing Authorization vulnerability in multiple products
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content.
network
low complexity
mozilla canonical CWE-862
5.4
2020-01-08 CVE-2019-11760 Out-of-bounds Write vulnerability in multiple products
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling.
network
low complexity
mozilla canonical CWE-787
8.8
2020-01-08 CVE-2019-11759 Classic Buffer Overflow vulnerability in multiple products
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack.
network
low complexity
mozilla canonical CWE-120
8.8