Vulnerabilities > Mozilla > Firefox > 21.0

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-9817 Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR
Images from a different domain can be read using a canvas object in some circumstances.
network
low complexity
mozilla CWE-346
5.0
2019-07-23 CVE-2019-9816 Type Confusion vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups.
network
mozilla CWE-843
4.3
2019-07-23 CVE-2019-9815 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks.
network
mozilla CWE-203
6.8
2019-07-23 CVE-2019-9814 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Mozilla developers and community members reported memory safety bugs present in Firefox 66.
network
low complexity
mozilla CWE-119
7.5
2019-07-23 CVE-2019-9811 Injection vulnerability in multiple products
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation.
network
high complexity
mozilla debian novell opensuse CWE-74
8.3
2019-07-23 CVE-2019-9800 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6.
network
low complexity
mozilla CWE-119
7.5
2019-07-23 CVE-2019-11730 A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed.
network
low complexity
mozilla debian opensuse suse
6.5
2019-07-23 CVE-2019-11729 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used.
network
low complexity
mozilla CWE-119
5.0
2019-07-23 CVE-2019-11728 Exposure of Resource to Wrong Sphere vulnerability in multiple products
The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded.
network
low complexity
mozilla opensuse CWE-668
4.7
2019-07-23 CVE-2019-11727 Improper Certificate Validation vulnerability in Mozilla Firefox
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3.
network
low complexity
mozilla CWE-295
5.0