Vulnerabilities > Mozilla > Firefox ESR > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-11715 Cross-site Scripting vulnerability in Mozilla Firefox
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances.
network
low complexity
mozilla CWE-79
6.1
2019-07-23 CVE-2019-11698 Improper Input Validation vulnerability in Mozilla Firefox
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data.
network
low complexity
mozilla CWE-20
5.3
2019-04-26 CVE-2019-9801 Improper Input Validation vulnerability in Mozilla Firefox
Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems.
network
low complexity
mozilla CWE-20
5.3
2019-04-26 CVE-2019-9793 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled.
network
high complexity
mozilla CWE-119
5.9
2019-02-28 CVE-2018-18499 Origin Validation Error vulnerability in Mozilla Firefox
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries().
network
low complexity
mozilla CWE-346
6.5
2019-02-28 CVE-2018-18494 Origin Validation Error vulnerability in multiple products
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries().
network
low complexity
mozilla debian canonical redhat CWE-346
6.5
2019-02-28 CVE-2018-12396 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events.
network
low complexity
mozilla debian canonical redhat CWE-732
6.5
2018-10-18 CVE-2018-12383 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible.
local
low complexity
redhat debian canonical mozilla CWE-522
5.5
2018-10-18 CVE-2018-12381 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL.
network
low complexity
mozilla CWE-610
5.3
2018-10-18 CVE-2018-12367 Improper Input Validation vulnerability in multiple products
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals.
network
low complexity
debian canonical mozilla CWE-20
4.3