Vulnerabilities > Mozilla > Firefox ESR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-25 | CVE-2020-6812 | Information Exposure vulnerability in multiple products The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. | 5.3 |
| 2020-03-02 | CVE-2020-6798 | Cross-site Scripting vulnerability in Mozilla Thunderbird If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. | 6.1 |
| 2020-03-02 | CVE-2020-6797 | Improper Input Validation vulnerability in Mozilla Firefox By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. | 4.3 |
| 2020-01-08 | CVE-2019-17022 | Cross-site Scripting vulnerability in multiple products When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. | 6.1 |
| 2020-01-08 | CVE-2019-17021 | Race Condition vulnerability in multiple products During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. | 5.3 |
| 2020-01-08 | CVE-2019-17016 | Cross-site Scripting vulnerability in multiple products When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. | 6.1 |
| 2020-01-08 | CVE-2019-11763 | Cross-site Scripting vulnerability in multiple products Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. | 6.1 |
| 2020-01-08 | CVE-2019-11762 | Origin Validation Error vulnerability in multiple products If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. | 6.1 |
| 2020-01-08 | CVE-2019-11761 | Missing Authorization vulnerability in multiple products By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. | 5.4 |
| 2019-09-27 | CVE-2019-11750 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. | 6.5 |