CVE-2019-11730 | Medium | Yes | Arbitrary filesystem access | A vulnerability exists in Firefox before 68.0 where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the... |
CVE-2019-11729 | Medium | Yes | Denial of service | Empty or malformed p256-ECDH public keys may trigger a segmentation fault in Firefox before 68.0 due to values being improperly sanitized before being copied... |
CVE-2019-11728 | Low | Yes | Information disclosure | In Firefox before 68.0, the HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible... |
CVE-2019-11727 | Low | Yes | Silent downgrade | A vulnerability exists in Firefox before 68.0 where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5... |
CVE-2019-11725 | Low | Yes | Access restriction bypass | In Firefox before 68.0, when a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is... |
CVE-2019-11724 | Low | Yes | Access restriction bypass | Application permissions in Firefox before 68.0 give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and... |
CVE-2019-11723 | Low | Yes | Information disclosure | A vulnerability exists in Firefox 68.0 during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context.... |
CVE-2019-11721 | Medium | Yes | Content spoofing | The Unicode Latin 'kra' character can be used to spoof a standard 'k' character in the address bar in Firefox before 68.0. This allows for domain spoofing... |
CVE-2019-11720 | Medium | Yes | Insufficient validation | In Firefox before 68.0, some Unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing... |
CVE-2019-11719 | Medium | Yes | Information disclosure | In Firefox before 68.0, when importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in... |
CVE-2019-11718 | Medium | Yes | Insufficient validation | In Firefox before 68.0, Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity... |
CVE-2019-11717 | Medium | Yes | Insufficient validation | A vulnerability exists in Firefox before 68.0 where the caret ("^") character is improperly escaped when constructing some URIs due to it being used as a... |
CVE-2019-11716 | Medium | Yes | Access restriction bypass | In Firefox before 68.0, until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as... |
CVE-2019-11715 | Medium | Yes | Cross-site scripting | In Firefox before 68.0, due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS... |
CVE-2019-11714 | Critical | Yes | Arbitrary code execution | Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. |
CVE-2019-11713 | Critical | Yes | Arbitrary code execution | A use-after-free vulnerability can occur in the HTTP/2 component of Firefox before 68.0, when a cached HTTP/2 stream is closed while still in use, resulting... |
CVE-2019-11712 | High | Yes | Cross-site request forgery | In Firefox before 68.0, POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This... |
CVE-2019-11711 | High | Yes | Access restriction bypass | In Firefox before 68.0, when an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different... |
CVE-2019-11710 | Critical | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox before 68.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with... |
CVE-2019-11709 | Critical | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox before 68.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with... |
CVE-2019-9811 | High | Yes | Sandbox escape | A sandbox escape has been found in Firefox before 68.0, by installing a malicious language pack and then opening a browser feature that used the compromised... |