Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2020-01-08 CVE-2019-17012 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2.
network
low complexity
mozilla opensuse canonical CWE-787
8.8
2020-01-08 CVE-2019-17011 Race Condition vulnerability in multiple products
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash.
network
high complexity
mozilla opensuse canonical CWE-362
7.5
2020-01-08 CVE-2019-17010 Race Condition vulnerability in multiple products
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.
network
high complexity
mozilla opensuse canonical CWE-362
7.5
2020-01-08 CVE-2019-17009 When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service.
local
low complexity
mozilla opensuse
7.8
2020-01-08 CVE-2019-17008 Use After Free vulnerability in multiple products
When using nested workers, a use-after-free could occur during worker destruction.
network
low complexity
mozilla opensuse CWE-416
8.8
2020-01-08 CVE-2019-17005 Out-of-bounds Write vulnerability in multiple products
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla opensuse canonical CWE-787
8.8
2020-01-08 CVE-2019-17002 Unspecified vulnerability in Mozilla Firefox
If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.
network
low complexity
mozilla
4.3
2020-01-08 CVE-2019-17001 Cross-site Scripting vulnerability in Mozilla Firefox 69.0
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting).
network
low complexity
mozilla CWE-79
6.1
2020-01-08 CVE-2019-17000 Cross-site Scripting vulnerability in Mozilla Firefox
An object tag with a data URI did not correctly inherit the document's Content Security Policy.
network
low complexity
mozilla CWE-79
6.1
2020-01-08 CVE-2019-11765 Incorrect Default Permissions vulnerability in Mozilla Firefox
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown.
network
low complexity
mozilla CWE-276
6.5