Vulnerabilities > Mozilla > Firefox > 3.0

DATE CVE VULNERABILITY TITLE RISK
2020-01-08 CVE-2019-17005 Out-of-bounds Write vulnerability in multiple products
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash.
6.8
2020-01-08 CVE-2019-17002 Improper Input Validation vulnerability in Mozilla Firefox
If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.
network
mozilla CWE-20
4.3
2020-01-08 CVE-2019-17000 Cross-site Scripting vulnerability in Mozilla Firefox
An object tag with a data URI did not correctly inherit the document's Content Security Policy.
network
mozilla CWE-79
5.8
2020-01-08 CVE-2019-11765 Incorrect Default Permissions vulnerability in Mozilla Firefox
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown.
network
mozilla CWE-276
4.3
2020-01-08 CVE-2019-11764 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1.
6.8
2020-01-08 CVE-2019-11763 Cross-site Scripting vulnerability in multiple products
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities.
network
low complexity
mozilla canonical CWE-79
6.1
2020-01-08 CVE-2019-11762 Origin Validation Error vulnerability in multiple products
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.
network
low complexity
mozilla canonical CWE-346
6.1
2020-01-08 CVE-2019-11761 Missing Authorization vulnerability in multiple products
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content.
network
low complexity
mozilla canonical CWE-862
5.4
2020-01-08 CVE-2019-11760 Out-of-bounds Write vulnerability in multiple products
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling.
network
low complexity
mozilla canonical CWE-787
8.8
2020-01-08 CVE-2019-11759 Classic Buffer Overflow vulnerability in multiple products
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack.
network
low complexity
mozilla canonical CWE-120
8.8