Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-11719 Out-of-bounds Read vulnerability in Mozilla Firefox
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library.
network
low complexity
mozilla CWE-125
7.5
2019-07-23 CVE-2019-11718 Injection vulnerability in multiple products
Activity Stream can display content from sent from the Snippet Service website.
network
low complexity
mozilla opensuse CWE-74
5.3
2019-07-23 CVE-2019-11717 Improper Encoding or Escaping of Output vulnerability in multiple products
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.
network
low complexity
mozilla debian novell opensuse CWE-116
5.3
2019-07-23 CVE-2019-11716 Improper Input Validation vulnerability in Mozilla Firefox
Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window).
network
low complexity
mozilla CWE-20
8.3
2019-07-23 CVE-2019-11715 Cross-site Scripting vulnerability in Mozilla Firefox
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances.
network
low complexity
mozilla CWE-79
6.1
2019-07-23 CVE-2019-11714 Improper Input Validation vulnerability in Mozilla Firefox
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances.
network
low complexity
mozilla CWE-20
critical
9.8
2019-07-23 CVE-2019-11713 Use After Free vulnerability in Mozilla Firefox
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-416
critical
9.8
2019-07-23 CVE-2019-11712 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements.
network
low complexity
mozilla CWE-352
8.8
2019-07-23 CVE-2019-11711 When an inner window is reused, it does not consider the use of document.domain for cross-origin protections.
network
low complexity
mozilla debian
8.8
2019-07-23 CVE-2019-11710 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 67.
network
low complexity
mozilla opensuse CWE-787
critical
9.8