Vulnerabilities > Mozilla > Firefox > 21.0

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-11714 Improper Input Validation vulnerability in Mozilla Firefox
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances.
network
low complexity
mozilla CWE-20
7.5
2019-07-23 CVE-2019-11713 Use After Free vulnerability in Mozilla Firefox and Firefox ESR
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
2019-07-23 CVE-2019-11712 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox and Firefox ESR
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements.
network
mozilla CWE-352
6.8
2019-07-23 CVE-2019-11711 When an inner window is reused, it does not consider the use of document.domain for cross-origin protections.
network
low complexity
mozilla debian
8.8
2019-07-23 CVE-2019-11710 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 67.
network
low complexity
mozilla opensuse CWE-787
7.5
2019-07-23 CVE-2019-11709 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7.
network
low complexity
mozilla opensuse suse debian CWE-787
7.5
2019-07-23 CVE-2019-11708 Improper Input Validation vulnerability in Mozilla Firefox ESR
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process.
network
low complexity
mozilla CWE-20
critical
10.0
2019-07-23 CVE-2019-11707 Type Confusion vulnerability in Mozilla Thunderbird
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.
network
low complexity
mozilla CWE-843
8.8
2019-07-23 CVE-2019-11702 Missing Authorization vulnerability in Mozilla Firefox
A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted.
4.3
2019-07-23 CVE-2019-11701 Cross-site Scripting vulnerability in Mozilla Firefox
The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks.
network
mozilla CWE-79
4.3