Vulnerabilities > Mozilla > Firefox > 66.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-11714 | Improper Input Validation vulnerability in Mozilla Firefox Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. | 7.5 |
| 2019-07-23 | CVE-2019-11713 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. | 7.5 |
| 2019-07-23 | CVE-2019-11712 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox and Firefox ESR POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. | 6.8 |
| 2019-07-23 | CVE-2019-11711 | When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. | 8.8 |
| 2019-07-23 | CVE-2019-11710 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 67. | 7.5 |
| 2019-07-23 | CVE-2019-11709 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. | 7.5 |
| 2019-07-23 | CVE-2019-11708 | Improper Input Validation vulnerability in Mozilla Firefox and Firefox ESR Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. | 10.0 |
| 2019-07-23 | CVE-2019-11702 | Missing Authorization vulnerability in Mozilla Firefox A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. | 4.3 |
| 2019-07-23 | CVE-2019-11701 | Cross-site Scripting vulnerability in Mozilla Firefox The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. | 4.3 |
| 2019-07-23 | CVE-2019-11700 | Missing Authorization vulnerability in Mozilla Firefox A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. | 4.3 |