Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-29 | CVE-2018-12384 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Mozilla Network Security Services When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. | 5.9 |
| 2019-04-26 | CVE-2019-9813 | Type Confusion vulnerability in Mozilla Thunderbird Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. | 8.8 |
| 2019-04-26 | CVE-2019-9810 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. | 8.8 |
| 2019-04-26 | CVE-2019-9809 | Resource Management Errors vulnerability in Mozilla Firefox If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. | 7.5 |
| 2019-04-26 | CVE-2019-9808 | Origin Validation Error vulnerability in Mozilla Firefox If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. | 5.3 |
| 2019-04-26 | CVE-2019-9807 | Improper Input Validation vulnerability in Mozilla Firefox When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. | 4.3 |
| 2019-04-26 | CVE-2019-9806 | Resource Management Errors vulnerability in Mozilla Firefox A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. | 7.5 |
| 2019-04-26 | CVE-2019-9805 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. | 9.8 |
| 2019-04-26 | CVE-2019-9804 | OS Command Injection vulnerability in Mozilla Firefox In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. | 9.8 |
| 2019-04-26 | CVE-2019-9803 | Origin Validation Error vulnerability in Mozilla Firefox The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. | 7.4 |