Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-11692 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. | 9.8 |
| 2019-07-23 | CVE-2019-11691 | Use After Free vulnerability in Mozilla Thunderbird A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. | 9.8 |
| 2019-05-02 | CVE-2018-12404 | Unspecified vulnerability in Mozilla Network Security Services A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. | 5.9 |
| 2019-04-29 | CVE-2018-5123 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4. | 8.8 |
| 2019-04-29 | CVE-2018-12384 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Mozilla Network Security Services When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. | 5.9 |
| 2019-04-26 | CVE-2019-9813 | Type Confusion vulnerability in Mozilla Thunderbird Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. | 8.8 |
| 2019-04-26 | CVE-2019-9810 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. | 8.8 |
| 2019-04-26 | CVE-2019-9809 | Resource Management Errors vulnerability in Mozilla Firefox If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. | 7.5 |
| 2019-04-26 | CVE-2019-9808 | Origin Validation Error vulnerability in Mozilla Firefox If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. | 5.3 |
| 2019-04-26 | CVE-2019-9807 | Improper Input Validation vulnerability in Mozilla Firefox When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. | 4.3 |