Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-27 | CVE-2019-11752 | Use After Free vulnerability in Mozilla Firefox It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. | 8.8 |
| 2019-09-27 | CVE-2019-11751 | Argument Injection or Modification vulnerability in Mozilla Firefox Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. | 8.8 |
| 2019-09-27 | CVE-2019-11746 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. | 8.8 |
| 2019-09-27 | CVE-2019-11740 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. | 8.8 |
| 2019-09-27 | CVE-2019-11736 | Race Condition vulnerability in Mozilla Firefox The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. | 7.0 |
| 2019-09-27 | CVE-2019-11735 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. | 8.8 |
| 2019-07-23 | CVE-2019-9821 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. | 8.1 |
| 2019-07-23 | CVE-2019-9818 | Use After Free vulnerability in Mozilla Firefox A race condition is present in the crash generation server used to generate data for the crash reporter. | 8.3 |
| 2019-07-23 | CVE-2019-9815 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. | 8.1 |
| 2019-07-23 | CVE-2019-9811 | Injection vulnerability in multiple products As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. | 8.3 |