21.0

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-23	CVE-2019-11714	Improper Input Validation vulnerability in Mozilla Firefox Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. network low complexity mozilla CWE-20	7.5
2019-07-23	CVE-2019-11713	Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. network low complexity mozilla CWE-416	7.5
2019-07-23	CVE-2019-11712	Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox and Firefox ESR POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. network mozilla CWE-352	6.8
2019-07-23	CVE-2019-11711	When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. network low complexity mozilla debian	8.8
2019-07-23	CVE-2019-11710	Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 67. network low complexity mozilla opensuse CWE-787	7.5
2019-07-23	CVE-2019-11709	Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. network low complexity mozilla opensuse suse debian CWE-787	7.5
2019-07-23	CVE-2019-11708	Improper Input Validation vulnerability in Mozilla Firefox ESR Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. network low complexity mozilla CWE-20 critical	10.0
2019-07-23	CVE-2019-11707	Type Confusion vulnerability in Mozilla Thunderbird A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. network low complexity mozilla CWE-843	8.8
2019-07-23	CVE-2019-11702	Missing Authorization vulnerability in Mozilla Firefox A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. network mozilla microsoft CWE-862	4.3
2019-07-23	CVE-2019-11701	Cross-site Scripting vulnerability in Mozilla Firefox The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. network mozilla CWE-79	4.3