Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-11698 | Improper Input Validation vulnerability in Mozilla Firefox If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. | 5.3 |
| 2019-07-23 | CVE-2019-11697 | Improper Input Validation vulnerability in Mozilla Firefox If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. | 6.5 |
| 2019-07-23 | CVE-2019-11695 | Unspecified vulnerability in Mozilla Firefox A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. | 4.3 |
| 2019-04-26 | CVE-2019-9808 | Origin Validation Error vulnerability in Mozilla Firefox If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. | 5.3 |
| 2019-04-26 | CVE-2019-9807 | Improper Input Validation vulnerability in Mozilla Firefox When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. | 4.3 |
| 2019-04-26 | CVE-2019-9801 | Improper Input Validation vulnerability in Mozilla Firefox Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. | 5.3 |
| 2019-04-26 | CVE-2019-9797 | Origin Validation Error vulnerability in Mozilla Firefox Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. | 5.3 |
| 2019-04-26 | CVE-2019-9793 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. | 5.9 |
| 2019-04-26 | CVE-2018-5124 | Cross-site Scripting vulnerability in Mozilla Firefox Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. | 6.1 |
| 2019-04-26 | CVE-2018-18511 | Information Exposure vulnerability in Mozilla Firefox 65.0 Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. | 4.3 |