Vulnerabilities > Mozilla > Firefox ESR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-08 | CVE-2019-11759 | Classic Buffer Overflow vulnerability in multiple products An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. | 8.8 |
| 2020-01-08 | CVE-2019-11758 | Out-of-bounds Write vulnerability in multiple products Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. | 8.8 |
| 2020-01-08 | CVE-2019-11757 | Use After Free vulnerability in multiple products When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. | 8.8 |
| 2020-01-08 | CVE-2019-11745 | Out-of-bounds Write vulnerability in multiple products When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. | 8.8 |
| 2019-09-27 | CVE-2019-11753 | Improper Validation of Integrity Check Value vulnerability in Mozilla Firefox The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. | 7.8 |
| 2019-09-27 | CVE-2019-11752 | Use After Free vulnerability in Mozilla Firefox It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. | 8.8 |
| 2019-09-27 | CVE-2019-11751 | Argument Injection or Modification vulnerability in Mozilla Firefox Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. | 8.8 |
| 2019-09-27 | CVE-2019-11746 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. | 8.8 |
| 2019-09-27 | CVE-2019-11740 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. | 8.8 |
| 2019-09-27 | CVE-2019-11736 | Race Condition vulnerability in Mozilla Firefox The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. | 7.0 |