Vulnerabilities > Mozilla > Firefox ESR > 60.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-08 | CVE-2019-11759 | Classic Buffer Overflow vulnerability in multiple products An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. | 8.8 |
| 2020-01-08 | CVE-2019-11758 | Out-of-bounds Write vulnerability in multiple products Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. | 8.8 |
| 2020-01-08 | CVE-2019-11757 | Use After Free vulnerability in multiple products When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. | 8.8 |
| 2020-01-08 | CVE-2019-11745 | Out-of-bounds Write vulnerability in multiple products When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. | 8.8 |
| 2019-09-27 | CVE-2019-11751 | Argument Injection or Modification vulnerability in Mozilla Firefox Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. | 8.8 |
| 2019-09-27 | CVE-2019-11750 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. | 6.5 |
| 2019-09-27 | CVE-2019-11749 | Unspecified vulnerability in Mozilla Firefox A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. | 4.3 |
| 2019-09-27 | CVE-2019-11748 | Improper Preservation of Permissions vulnerability in Mozilla Firefox WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. | 6.5 |
| 2019-09-27 | CVE-2019-11747 | Improper Initialization vulnerability in Mozilla Firefox The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. | 6.5 |
| 2019-09-27 | CVE-2019-11738 | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. | 6.3 |