Vulnerabilities > Mozilla > Firefox > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-24 | CVE-2020-6823 | Missing Authorization vulnerability in Mozilla Firefox A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. | 9.8 |
| 2020-04-24 | CVE-2020-6825 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. | 9.8 |
| 2020-04-24 | CVE-2020-6826 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. | 9.8 |
| 2020-03-25 | CVE-2020-6814 | Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. | 9.8 |
| 2020-03-25 | CVE-2020-6815 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety and script safety bugs present in Firefox 73. | 9.8 |
| 2020-01-08 | CVE-2019-9812 | Unspecified vulnerability in Mozilla Firefox Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. | 9.3 |
| 2019-09-27 | CVE-2019-11733 | Improper Authentication vulnerability in Mozilla Firefox When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. | 9.8 |
| 2019-09-27 | CVE-2019-11734 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members reported memory safety bugs present in Firefox 68. | 9.8 |
| 2019-07-23 | CVE-2019-11691 | Use After Free vulnerability in Mozilla Thunderbird A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. | 9.8 |
| 2019-07-23 | CVE-2019-11692 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. | 9.8 |