Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-28 | CVE-2020-6803 | Open Redirect vulnerability in Mozilla Webthings Gateway An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. | 6.1 |
| 2020-02-18 | CVE-2013-4227 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Persona Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security token that is not a string data type. | 8.8 |
| 2020-02-18 | CVE-2013-5594 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding | 4.3 |
| 2020-01-21 | CVE-2011-2669 | Improper Certificate Validation vulnerability in Mozilla Firefox Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | 6.5 |
| 2020-01-21 | CVE-2011-2668 | Unspecified vulnerability in Mozilla Firefox Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header | 8.8 |
| 2020-01-13 | CVE-2011-2670 | Cross-site Scripting vulnerability in Mozilla Firefox Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets | 6.1 |
| 2020-01-08 | CVE-2019-9812 | Unspecified vulnerability in Mozilla Firefox Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. | 9.3 |
| 2020-01-08 | CVE-2019-17025 | Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 71. | 8.8 |
| 2020-01-08 | CVE-2019-17024 | Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. | 8.8 |
| 2020-01-08 | CVE-2019-17023 | Improper Authentication vulnerability in multiple products After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. | 6.5 |