Vulnerabilities > Mozilla > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-11708 | Improper Input Validation vulnerability in Mozilla Firefox ESR Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. | 10.0 |
| 2019-07-23 | CVE-2019-11705 | Out-of-bounds Write vulnerability in Mozilla Thunderbird A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. | 9.8 |
| 2019-07-23 | CVE-2019-11704 | Out-of-bounds Write vulnerability in Mozilla Thunderbird A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. | 9.8 |
| 2019-07-23 | CVE-2019-11703 | Out-of-bounds Write vulnerability in Mozilla Thunderbird A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. | 9.8 |
| 2019-07-23 | CVE-2019-11693 | Out-of-bounds Write vulnerability in Mozilla Firefox The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. | 9.8 |
| 2019-07-23 | CVE-2019-11692 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. | 9.8 |
| 2019-07-23 | CVE-2019-11691 | Use After Free vulnerability in Mozilla Thunderbird A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. | 9.8 |
| 2019-04-26 | CVE-2019-9805 | Use of Uninitialized Resource vulnerability in Mozilla Firefox A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. | 9.8 |
| 2019-04-26 | CVE-2019-9804 | OS Command Injection vulnerability in Mozilla Firefox In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. | 9.8 |
| 2019-04-26 | CVE-2019-9796 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. | 9.8 |