Vulnerabilities > Mozilla > Firefox > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-23 | CVE-2019-11714 | Improper Input Validation vulnerability in Mozilla Firefox Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. | 9.8 |
2019-07-23 | CVE-2019-9800 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. | 9.8 |
2019-07-23 | CVE-2019-9814 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members reported memory safety bugs present in Firefox 66. | 9.8 |
2019-07-23 | CVE-2019-9819 | Type Confusion vulnerability in Mozilla Thunderbird A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. | 9.8 |
2019-07-23 | CVE-2019-9820 | Use After Free vulnerability in Mozilla Firefox ESR A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. | 9.8 |
2019-04-26 | CVE-2019-9788 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. | 9.8 |
2019-04-26 | CVE-2019-9789 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members reported memory safety bugs present in Firefox 65. | 9.8 |
2019-04-26 | CVE-2019-9790 | Use After Free vulnerability in Mozilla Thunderbird A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. | 9.8 |
2019-04-26 | CVE-2019-9791 | Type Confusion vulnerability in multiple products The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). | 9.8 |
2019-04-26 | CVE-2019-9792 | Out-of-bounds Write vulnerability in multiple products The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. | 9.8 |