VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2019-11710CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects…

  • CVE-2019-11709CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This…

  • CVE-2019-11693CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.02

    The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are…

  • CVE-2019-11692CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.02

    A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

  • CVE-2019-11691CriJul 23, 2019
    risk 0.64cvss 9.8epss 0.02

    A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and…

  • CVE-2019-9805CriApr 26, 2019
    risk 0.64cvss 9.8epss 0.01

    A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.

  • CVE-2019-9804CriApr 26, 2019
    risk 0.64cvss 9.8epss 0.02

    In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native…

  • CVE-2019-9796CriApr 26, 2019
    risk 0.64cvss 9.8epss 0.02

    A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh…

  • CVE-2019-9795CriApr 26, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.

  • CVE-2019-9794CriApr 26, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is…

  • CVE-2019-9790CriApr 26, 2019
    risk 0.64cvss 9.8epss 0.02

    A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR <…

  • CVE-2019-9789CriApr 26, 2019
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects…

  • CVE-2019-9788CriApr 26, 2019
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run…

  • CVE-2018-18498CriFeb 28, 2019
    risk 0.64cvss 9.8epss 0.04

    A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4,…

  • CVE-2018-18493CriFeb 28, 2019
    risk 0.64cvss 9.8epss 0.05

    A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4,…

  • CVE-2018-18492CriFeb 28, 2019
    risk 0.64cvss 9.8epss 0.10

    A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox <…

  • CVE-2018-12407CriFeb 28, 2019
    risk 0.64cvss 9.8epss 0.03

    A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64.

  • CVE-2018-12405CriFeb 28, 2019
    risk 0.64cvss 9.8epss 0.03

    Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This…

  • CVE-2018-12392CriFeb 28, 2019
    risk 0.64cvss 9.8epss 0.03

    When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

  • CVE-2018-12390CriFeb 28, 2019
    risk 0.64cvss 9.8epss 0.03

    Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This…

Page 12 of 159