68.2.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-02	CVE-2020-6792	Missing Initialization of Resource vulnerability in multiple products When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. network low complexity mozilla canonical CWE-909	4.3
2020-03-02	CVE-2019-17026	Type Confusion vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. network low complexity mozilla canonical CWE-843	8.8
2020-01-08	CVE-2019-17012	Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. network low complexity mozilla opensuse canonical CWE-787	8.8
2020-01-08	CVE-2019-17011	Race Condition vulnerability in multiple products Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. network high complexity mozilla opensuse canonical CWE-362	7.5
2020-01-08	CVE-2019-17010	Race Condition vulnerability in multiple products Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. network high complexity mozilla opensuse canonical CWE-362	7.5
2020-01-08	CVE-2019-17009	When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. local low complexity mozilla opensuse	7.8
2020-01-08	CVE-2019-17008	Use After Free vulnerability in multiple products When using nested workers, a use-after-free could occur during worker destruction. network low complexity mozilla opensuse CWE-416	8.8
2020-01-08	CVE-2019-17005	Out-of-bounds Write vulnerability in multiple products The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. network low complexity mozilla opensuse canonical CWE-787	8.8
2020-01-08	CVE-2019-11745	Out-of-bounds Write vulnerability in multiple products When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. network low complexity mozilla opensuse canonical debian redhat siemens CWE-787	8.8