Vulnerabilities > Mozilla > Firefox > 3.0.12
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-23 | CVE-2019-11713 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. | 7.5 |
2019-07-23 | CVE-2019-11712 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox and Firefox ESR POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. | 6.8 |
2019-07-23 | CVE-2019-11711 | When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. | 8.8 |
2019-07-23 | CVE-2019-11710 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 67. | 7.5 |
2019-07-23 | CVE-2019-11709 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. | 7.5 |
2019-07-23 | CVE-2019-11708 | Improper Input Validation vulnerability in Mozilla Firefox ESR Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. | 10.0 |
2019-07-23 | CVE-2019-11707 | Type Confusion vulnerability in Mozilla Thunderbird A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. | 8.8 |
2019-07-23 | CVE-2019-11702 | Missing Authorization vulnerability in Mozilla Firefox A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. | 4.3 |
2019-07-23 | CVE-2019-11701 | Cross-site Scripting vulnerability in Mozilla Firefox The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. | 4.3 |
2019-07-23 | CVE-2019-11700 | Missing Authorization vulnerability in Mozilla Firefox A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. | 4.3 |