Vulnerabilities > Mozilla > Firefox > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-26 | CVE-2019-9810 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. | 8.8 |
| 2019-04-26 | CVE-2019-9809 | Resource Management Errors vulnerability in Mozilla Firefox If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. | 7.5 |
| 2019-04-26 | CVE-2019-9806 | Resource Management Errors vulnerability in Mozilla Firefox A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. | 7.5 |
| 2019-04-26 | CVE-2019-9803 | Origin Validation Error vulnerability in Mozilla Firefox The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. | 7.4 |
| 2019-04-26 | CVE-2019-9802 | Out-of-bounds Read vulnerability in Mozilla Firefox If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. | 7.5 |
| 2019-04-26 | CVE-2019-9799 | Out-of-bounds Read vulnerability in Mozilla Firefox Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. | 7.5 |
| 2019-04-26 | CVE-2019-9798 | Untrusted Search Path vulnerability in Mozilla Firefox On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. | 7.4 |
| 2019-04-26 | CVE-2018-5179 | Missing Release of Resource after Effective Lifetime vulnerability in Mozilla Firefox A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. | 7.5 |
| 2019-04-15 | CVE-2017-7777 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. | 8.8 |
| 2019-04-15 | CVE-2017-7776 | Out-of-bounds Read vulnerability in multiple products Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. | 8.1 |