Vulnerabilities > Mozilla > Firefox ESR
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-27 | CVE-2019-11752 | Use After Free vulnerability in Mozilla Firefox It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. | 8.8 |
| 2019-09-27 | CVE-2019-11751 | Argument Injection or Modification vulnerability in Mozilla Firefox Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. | 8.8 |
| 2019-09-27 | CVE-2019-11750 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. | 6.5 |
| 2019-09-27 | CVE-2019-11749 | Unspecified vulnerability in Mozilla Firefox A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. | 4.3 |
| 2019-09-27 | CVE-2019-11748 | Improper Preservation of Permissions vulnerability in Mozilla Firefox WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. | 6.5 |
| 2019-09-27 | CVE-2019-11747 | Improper Initialization vulnerability in Mozilla Firefox The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. | 6.5 |
| 2019-09-27 | CVE-2019-11746 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. | 8.8 |
| 2019-09-27 | CVE-2019-11744 | Cross-site Scripting vulnerability in Mozilla Firefox Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. | 6.1 |
| 2019-09-27 | CVE-2019-11743 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. | 3.7 |
| 2019-09-27 | CVE-2019-11742 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. | 6.5 |