Vulnerabilities > Mozilla > Firefox > 2.0.0.5

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2019-9798 Untrusted Search Path vulnerability in Mozilla Firefox
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications.
5.8
2019-04-26 CVE-2019-9797 Origin Validation Error vulnerability in Mozilla Firefox
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.
network
low complexity
mozilla CWE-346
5.0
2019-04-26 CVE-2019-9796 Use After Free vulnerability in Mozilla Firefox and Firefox ESR
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected.
network
low complexity
mozilla CWE-416
7.5
2019-04-26 CVE-2019-9795 Reachable Assertion vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash.
network
low complexity
mozilla CWE-617
7.5
2019-04-26 CVE-2019-9794 Improper Input Validation vulnerability in Mozilla Thunderbird
A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs.
network
low complexity
mozilla CWE-20
7.5
2019-04-26 CVE-2019-9793 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled.
network
mozilla CWE-119
4.3
2019-04-26 CVE-2019-9792 Out-of-bounds Write vulnerability in multiple products
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout.
network
low complexity
mozilla redhat CWE-787
7.5
2019-04-26 CVE-2019-9791 Type Confusion vulnerability in multiple products
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR).
network
low complexity
mozilla redhat CWE-843
7.5
2019-04-26 CVE-2019-9790 Use After Free vulnerability in Mozilla Firefox and Firefox ESR
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use.
network
low complexity
mozilla CWE-416
7.5
2019-04-26 CVE-2019-9789 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Mozilla developers and community members reported memory safety bugs present in Firefox 65.
network
low complexity
mozilla CWE-119
7.5