Vulnerabilities > Mozilla > Firefox > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2019-9794 Argument Injection or Modification vulnerability in Mozilla Firefox
A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs.
network
low complexity
mozilla CWE-88
critical
9.8
2019-04-26 CVE-2019-9795 Type Confusion vulnerability in Mozilla Firefox
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash.
network
low complexity
mozilla CWE-843
critical
9.8
2019-04-26 CVE-2019-9796 Use After Free vulnerability in Mozilla Firefox
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected.
network
low complexity
mozilla CWE-416
critical
9.8
2019-04-26 CVE-2019-9804 OS Command Injection vulnerability in Mozilla Firefox
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted.
network
low complexity
mozilla CWE-78
critical
9.8
2019-04-26 CVE-2019-9805 Use of Uninitialized Resource vulnerability in Mozilla Firefox
A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption.
network
low complexity
mozilla CWE-908
critical
9.8
2019-04-15 CVE-2017-7774 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
network
low complexity
mozilla sil CWE-125
critical
9.1
2019-02-28 CVE-2018-12390 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2018-12392 When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.
network
low complexity
mozilla debian canonical redhat
critical
9.8
2019-02-28 CVE-2018-12405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2018-12407 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module.
network
low complexity
mozilla canonical CWE-119
critical
9.8