Vulnerabilities > Mozilla > Firefox > 64.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-26 | CVE-2019-9793 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. | 5.9 |
| 2019-04-26 | CVE-2019-9792 | Out-of-bounds Write vulnerability in multiple products The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. | 9.8 |
| 2019-04-26 | CVE-2019-9791 | Type Confusion vulnerability in multiple products The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). | 9.8 |
| 2019-04-26 | CVE-2019-9790 | Use After Free vulnerability in Mozilla Thunderbird A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. | 9.8 |
| 2019-04-26 | CVE-2019-9789 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members reported memory safety bugs present in Firefox 65. | 9.8 |
| 2019-04-26 | CVE-2019-9788 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. | 9.8 |
| 2019-02-05 | CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. | 5.9 |
| 2019-02-05 | CVE-2018-18505 | Improper Authentication vulnerability in multiple products An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. | 10.0 |
| 2019-02-05 | CVE-2018-18504 | Out-of-bounds Read vulnerability in multiple products A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. | 9.8 |
| 2019-02-05 | CVE-2018-18503 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. | 8.8 |