Vulnerabilities > Mozilla > Firefox ESR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-11713 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. | 7.5 |
| 2019-07-23 | CVE-2019-11711 | When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. | 8.8 |
| 2019-07-23 | CVE-2019-11709 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. | 7.5 |
| 2019-07-23 | CVE-2019-11707 | Type Confusion vulnerability in Mozilla Thunderbird A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. | 8.8 |
| 2019-07-23 | CVE-2019-11693 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. | 7.5 |
| 2019-07-23 | CVE-2019-11692 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. | 7.5 |
| 2019-07-23 | CVE-2019-11691 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. | 7.5 |
| 2019-04-26 | CVE-2019-9796 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. | 7.5 |
| 2019-04-26 | CVE-2019-9795 | Reachable Assertion vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. | 7.5 |
| 2019-04-26 | CVE-2019-9794 | Improper Input Validation vulnerability in Mozilla Thunderbird A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. | 7.5 |