Vulnerabilities > Mozilla > Firefox > 60.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-11716 | Improper Input Validation vulnerability in Mozilla Firefox Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). | 8.3 |
| 2019-07-23 | CVE-2019-11715 | Cross-site Scripting vulnerability in Mozilla Firefox Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. | 6.1 |
| 2019-07-23 | CVE-2019-11714 | Improper Input Validation vulnerability in Mozilla Firefox Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. | 9.8 |
| 2019-07-23 | CVE-2019-11713 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. | 9.8 |
| 2019-07-23 | CVE-2019-11712 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. | 8.8 |
| 2019-07-23 | CVE-2019-11711 | When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. | 8.8 |
| 2019-07-23 | CVE-2019-11710 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 67. | 9.8 |
| 2019-07-23 | CVE-2019-11709 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. | 9.8 |
| 2019-07-23 | CVE-2019-11708 | Improper Input Validation vulnerability in Mozilla Firefox ESR Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. | 10.0 |
| 2019-07-23 | CVE-2019-11707 | Type Confusion vulnerability in Mozilla Thunderbird A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. | 8.8 |