Vulnerabilities > Mozilla > Firefox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-26 | CVE-2019-9806 | Resource Management Errors vulnerability in Mozilla Firefox A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. | 7.5 |
| 2019-04-26 | CVE-2019-9805 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. | 9.8 |
| 2019-04-26 | CVE-2019-9804 | OS Command Injection vulnerability in Mozilla Firefox In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. | 9.8 |
| 2019-04-26 | CVE-2019-9803 | Origin Validation Error vulnerability in Mozilla Firefox The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. | 7.4 |
| 2019-04-26 | CVE-2019-9802 | Out-of-bounds Read vulnerability in Mozilla Firefox If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. | 7.5 |
| 2019-04-26 | CVE-2019-9801 | Improper Input Validation vulnerability in Mozilla Firefox Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. | 5.3 |
| 2019-04-26 | CVE-2019-9799 | Out-of-bounds Read vulnerability in Mozilla Firefox Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. | 7.5 |
| 2019-04-26 | CVE-2019-9798 | Untrusted Search Path vulnerability in Mozilla Firefox On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. | 7.4 |
| 2019-04-26 | CVE-2019-9797 | Origin Validation Error vulnerability in Mozilla Firefox Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. | 5.3 |
| 2019-04-26 | CVE-2019-9796 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. | 9.8 |