Vulnerabilities > Mozilla > Firefox > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-11714 Improper Input Validation vulnerability in Mozilla Firefox
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances.
network
low complexity
mozilla CWE-20
critical
9.8
2019-07-23 CVE-2019-9800 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6.
network
low complexity
mozilla CWE-787
critical
9.8
2019-07-23 CVE-2019-9814 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members reported memory safety bugs present in Firefox 66.
network
low complexity
mozilla CWE-787
critical
9.8
2019-07-23 CVE-2019-9819 Type Confusion vulnerability in Mozilla Thunderbird
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-843
critical
9.8
2019-07-23 CVE-2019-9820 Use After Free vulnerability in Mozilla Firefox ESR
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use.
network
low complexity
mozilla CWE-416
critical
9.8
2019-04-26 CVE-2019-9788 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5.
network
low complexity
mozilla redhat CWE-787
critical
9.8
2019-04-26 CVE-2019-9789 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members reported memory safety bugs present in Firefox 65.
network
low complexity
mozilla CWE-787
critical
9.8
2019-04-26 CVE-2019-9790 Use After Free vulnerability in Mozilla Thunderbird
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use.
network
low complexity
mozilla CWE-416
critical
9.8
2019-04-26 CVE-2019-9791 Type Confusion vulnerability in multiple products
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR).
network
low complexity
mozilla redhat CWE-843
critical
9.8
2019-04-26 CVE-2019-9792 Out-of-bounds Write vulnerability in multiple products
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout.
network
low complexity
mozilla redhat CWE-787
critical
9.8