Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-29 | CVE-2018-5123 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4. | 8.8 |
| 2019-04-26 | CVE-2019-9813 | Type Confusion vulnerability in Mozilla Thunderbird Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. | 8.8 |
| 2019-04-26 | CVE-2019-9810 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. | 8.8 |
| 2019-04-26 | CVE-2019-9809 | Resource Management Errors vulnerability in Mozilla Firefox If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. | 7.5 |
| 2019-04-26 | CVE-2019-9806 | Resource Management Errors vulnerability in Mozilla Firefox A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. | 7.5 |
| 2019-04-26 | CVE-2019-9803 | Origin Validation Error vulnerability in Mozilla Firefox The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. | 7.4 |
| 2019-04-26 | CVE-2019-9802 | Out-of-bounds Read vulnerability in Mozilla Firefox If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. | 7.5 |
| 2019-04-26 | CVE-2019-9799 | Out-of-bounds Read vulnerability in Mozilla Firefox Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. | 7.5 |
| 2019-04-26 | CVE-2019-9798 | Untrusted Search Path vulnerability in Mozilla Firefox On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. | 7.4 |
| 2019-04-26 | CVE-2018-18513 | NULL Pointer Dereference vulnerability in Mozilla Thunderbird A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. | 7.5 |