Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-11709 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7.
network
low complexity
mozilla opensuse suse debian CWE-787
critical
9.8
2019-07-23 CVE-2019-11708 Improper Input Validation vulnerability in Mozilla Firefox ESR
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process.
network
low complexity
mozilla CWE-20
critical
10.0
2019-07-23 CVE-2019-11707 Type Confusion vulnerability in Mozilla Thunderbird
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.
network
low complexity
mozilla CWE-843
8.8
2019-07-23 CVE-2019-11702 Missing Authorization vulnerability in Mozilla Firefox
A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted.
network
low complexity
mozilla CWE-862
6.5
2019-07-23 CVE-2019-11701 Cross-site Scripting vulnerability in Mozilla Firefox
The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks.
network
low complexity
mozilla CWE-79
6.1
2019-07-23 CVE-2019-11700 Missing Authorization vulnerability in Mozilla Firefox
A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted.
network
low complexity
mozilla CWE-862
6.5
2019-07-23 CVE-2019-11699 Unspecified vulnerability in Mozilla Firefox
A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations.
network
low complexity
mozilla
6.5
2019-07-23 CVE-2019-11698 Improper Input Validation vulnerability in Mozilla Firefox
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data.
network
low complexity
mozilla CWE-20
5.3
2019-07-23 CVE-2019-11697 Improper Input Validation vulnerability in Mozilla Firefox
If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation.
network
low complexity
mozilla CWE-20
6.5
2019-07-23 CVE-2019-11696 Improper Input Validation vulnerability in Mozilla Firefox
Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system.
local
low complexity
mozilla CWE-20
7.8