CVE-2019-17002 |
Low |
Yes |
Access restriction bypass |
An issue has been found in Firefox before 70.0 where, if upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and... |
CVE-2019-17001 |
Medium |
Yes |
Access restriction bypass |
A CSP bypass has been found in Firefox 69, where a Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute... |
CVE-2019-17000 |
Medium |
Yes |
Access restriction bypass |
A CSP bypass has been found in Firefox 69, where an object tag with a data URI did not correctly inherit the document's Content Security Policy. This... |
CVE-2019-15903 |
Medium |
Yes |
Denial of service |
A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing... |
CVE-2019-11765 |
Medium |
Yes |
Insufficient validation |
Incorrect permissions could be granted to a website in Firefox before 70.0. A compromised content process could send a message to the parent process that... |
CVE-2019-11764 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 70.0 and Thunderbird before 68.2. Some of these bugs showed evidence of memory corruption and... |
CVE-2019-11763 |
Medium |
Yes |
Insufficient validation |
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where failure to correctly handle null bytes when processing HTML entities... |
CVE-2019-11762 |
Medium |
Yes |
Same-origin policy bypass |
A same-origin policy bypass has been found in Firefox before 70.0 and Thunderbird before 68.2 where, if two same-origin documents set document.domain... |
CVE-2019-11761 |
Medium |
Yes |
Access restriction bypass |
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where by using a form with a data URI it was possible to gain access to the... |
CVE-2019-11760 |
Critical |
Yes |
Arbitrary code execution |
A fixed-size stack buffer overflow has been found in nrappkit, in the WebRTC signaling code of Firefox before 70.0 and Thunderbird before 68.2. |
CVE-2019-11759 |
Critical |
Yes |
Arbitrary code execution |
A stack-based buffer overflow has been found in the HKDF output of Firefox before 70.0 and Thunderbird before 68.2. An attacker could have caused 4 bytes of... |
CVE-2019-11757 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free issue has been found in the IndexedDB component of Firefox before 70.0 and Thunderbird before 68.2. When storing a value in IndexedDB, the... |
CVE-2018-6156 |
Critical |
Yes |
Arbitrary code execution |
A heap-based buffer overflow has been found in Firefox before 70.0, where an incorrect derivation of a packet length in WebRTC caused heap corruption via a... |