Vulnerabilities > Mozilla > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-23 | CVE-2019-11715 | Cross-site Scripting vulnerability in Mozilla Firefox Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. | 6.1 |
2019-07-23 | CVE-2019-11702 | Missing Authorization vulnerability in Mozilla Firefox A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. | 6.5 |
2019-07-23 | CVE-2019-11701 | Cross-site Scripting vulnerability in Mozilla Firefox The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. | 6.1 |
2019-07-23 | CVE-2019-11700 | Missing Authorization vulnerability in Mozilla Firefox A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. | 6.5 |
2019-07-23 | CVE-2019-11699 | Unspecified vulnerability in Mozilla Firefox A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. | 6.5 |
2019-07-23 | CVE-2019-11698 | Improper Input Validation vulnerability in Mozilla Firefox If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. | 5.3 |
2019-07-23 | CVE-2019-11697 | Improper Input Validation vulnerability in Mozilla Firefox If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. | 6.5 |
2019-07-23 | CVE-2019-11695 | Unspecified vulnerability in Mozilla Firefox A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. | 4.3 |
2019-05-02 | CVE-2018-12404 | Unspecified vulnerability in Mozilla Network Security Services A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. | 5.9 |
2019-04-29 | CVE-2018-12384 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Mozilla Network Security Services When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. | 5.9 |