Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-9811 | Injection vulnerability in multiple products As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. | 8.3 |
| 2019-07-23 | CVE-2019-11729 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. | 7.5 |
| 2019-07-23 | CVE-2019-11723 | Origin Validation Error vulnerability in multiple products A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. | 7.5 |
| 2019-07-23 | CVE-2019-11719 | Out-of-bounds Read vulnerability in Mozilla Firefox When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. | 7.5 |
| 2019-07-23 | CVE-2019-11716 | Improper Input Validation vulnerability in Mozilla Firefox Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). | 8.3 |
| 2019-07-23 | CVE-2019-11712 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. | 8.8 |
| 2019-07-23 | CVE-2019-11711 | When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. | 8.8 |
| 2019-07-23 | CVE-2019-11707 | Type Confusion vulnerability in Mozilla Thunderbird A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. | 8.8 |
| 2019-07-23 | CVE-2019-11706 | Type Confusion vulnerability in Mozilla Thunderbird A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. | 7.5 |
| 2019-07-23 | CVE-2019-11696 | Improper Input Validation vulnerability in Mozilla Firefox Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. | 7.8 |