CVE-2019-11752 | High | Yes | Arbitrary code execution | In Firefox before 69.0, it is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a... |
CVE-2019-11750 | Medium | Yes | Denial of service | A type confusion vulnerability exists in the Spidermonkey component of Firefox before 69.0, which results in a non-exploitable crash. |
CVE-2019-11749 | Medium | Yes | Information disclosure | A vulnerability exists in the WebRTC component of Firefox before 69.0 where malicious web content can use probing techniques on the getUserMedia API using... |
CVE-2019-11748 | Medium | Yes | Access restriction bypass | WebRTC in Firefox before 69.0 will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party... |
CVE-2019-11747 | Low | Yes | Access restriction bypass | The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes... |
CVE-2019-11746 | High | Yes | Arbitrary code execution | A use-after-free vulnerability can occur in Firefox before 69.0 while manipulating video elements if the body is freed while still in use. This results in a... |
CVE-2019-11744 | High | Yes | Cross-site scripting | A security issue has been found in Firefox before 69.0. Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without... |
CVE-2019-11743 | Medium | Yes | Information disclosure | In Firefox before 69.0, navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the... |
CVE-2019-11742 | High | Yes | Same-origin policy bypass | A same-origin policy violation can occur in Firefox before 69.0, allowing the theft of cross-origin images through a combination of SVG filters and a... |
CVE-2019-11741 | High | Yes | Cross-site scripting | In Firefox before 69.0, a compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can... |
CVE-2019-11740 | High | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox before 69.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with... |
CVE-2019-11738 | Low | Yes | Access restriction bypass | In Firefox before 69.0, if a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input,... |
CVE-2019-11737 | Low | Yes | Access restriction bypass | In Firefox before 69.0, if a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the... |
CVE-2019-11735 | High | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox before 69.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with... |
CVE-2019-11734 | High | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox before 69.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with... |
CVE-2019-9812 | High | Yes | Sandbox escape | In Firefox before 69.0, given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading... |
CVE-2019-5849 | Medium | Yes | Information disclosure | An out-of-bounds read vulnerability exists in the Skia graphics library shipped in Firefox before 69.0, allowing for the possible leaking of data from memory. |