Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2019-9813 Type Confusion vulnerability in Mozilla Thunderbird
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.
network
low complexity
mozilla CWE-843
8.8
2019-04-26 CVE-2019-9810 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
network
low complexity
mozilla redhat CWE-119
8.8
2019-04-26 CVE-2019-9809 Resource Management Errors vulnerability in Mozilla Firefox
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations.
network
low complexity
mozilla CWE-399
7.5
2019-04-26 CVE-2019-9806 Resource Management Errors vulnerability in Mozilla Firefox
A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed.
network
low complexity
mozilla CWE-399
7.5
2019-04-26 CVE-2019-9803 Origin Validation Error vulnerability in Mozilla Firefox
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS.
network
high complexity
mozilla CWE-346
7.4
2019-04-26 CVE-2019-9802 Out-of-bounds Read vulnerability in Mozilla Firefox
If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data.
network
low complexity
mozilla CWE-125
7.5
2019-04-26 CVE-2019-9799 Out-of-bounds Read vulnerability in Mozilla Firefox
Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions.
network
low complexity
mozilla CWE-125
7.5
2019-04-26 CVE-2019-9798 Untrusted Search Path vulnerability in Mozilla Firefox
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications.
network
high complexity
mozilla CWE-426
7.4
2019-04-26 CVE-2018-5179 Missing Release of Resource after Effective Lifetime vulnerability in Mozilla Firefox
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users.
network
low complexity
mozilla CWE-772
7.5
2019-04-15 CVE-2017-7777 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
network
low complexity
mozilla sil CWE-119
8.8