Vulnerabilities > Mozilla > Firefox > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-11696 | Improper Input Validation vulnerability in Mozilla Firefox Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. | 7.8 |
| 2019-07-23 | CVE-2019-11694 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. | 7.5 |
| 2019-04-26 | CVE-2019-9813 | Type Confusion vulnerability in Mozilla Thunderbird Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. | 8.8 |
| 2019-04-26 | CVE-2019-9810 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. | 8.8 |
| 2019-04-26 | CVE-2019-9809 | Resource Management Errors vulnerability in Mozilla Firefox If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. | 7.5 |
| 2019-04-26 | CVE-2019-9806 | Resource Management Errors vulnerability in Mozilla Firefox A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. | 7.5 |
| 2019-04-26 | CVE-2019-9803 | Origin Validation Error vulnerability in Mozilla Firefox The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. | 7.4 |
| 2019-04-26 | CVE-2019-9802 | Out-of-bounds Read vulnerability in Mozilla Firefox If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. | 7.5 |
| 2019-04-26 | CVE-2019-9799 | Out-of-bounds Read vulnerability in Mozilla Firefox Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. | 7.5 |
| 2019-04-26 | CVE-2019-9798 | Untrusted Search Path vulnerability in Mozilla Firefox On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. | 7.4 |