Vulnerabilities > Mozilla > Firefox ESR > 68.7.0

DATE CVE VULNERABILITY TITLE RISK
2020-05-26 CVE-2020-12389 Improper Input Validation vulnerability in Mozilla Firefox
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.
network
low complexity
mozilla CWE-20
critical
 10.0
10
2020-05-26 CVE-2020-12388 Improper Input Validation vulnerability in Mozilla Firefox
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.
network
low complexity
mozilla CWE-20
critical
 10.0
10
2020-05-26 CVE-2020-12387 Use After Free vulnerability in Mozilla Thunderbird
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability.
network
high complexity
mozilla CWE-416
8.1
8.1
2020-05-26 CVE-2020-12395 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7.
network
low complexity
mozilla canonical CWE-787
critical
 9.8
9.8
2020-05-26 CVE-2020-12393 OS Command Injection vulnerability in Mozilla Firefox
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.
local
low complexity
mozilla CWE-78
7.8
7.8