CVE-2019-9809 | Low | Yes | Denial of service | If the source for resources on a page is through an FTP connection in Firefox before 66.0, it is possible to trigger a series of modal alert messages for...
CVE-2019-9808 | Low | Yes | Content spoofing | If WebRTC permission is requested from documents with data: or blob: URLs in Firefox before 66.0, the permission notifications do not properly display the...
CVE-2019-9807 | Low | Yes | Content spoofing | When arbitrary text is sent over an FTP connection and a page reload is initiated in Firefox before 66.0, it is possible to create a modal alert message...
CVE-2019-9806 | Low | Yes | Denial of service | A vulnerability exists in Firefox before 66.0 during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be...
CVE-2019-9805 | Medium | Yes | Information disclosure | A latent vulnerability exists in the Prio library in Firefox before 66.0 where data may be read from uninitialized memory for some functions, leading to...
CVE-2019-9803 | Medium | Yes | Access restriction bypass | The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must...
CVE-2019-9802 | Medium | Yes | Information disclosure | If a Sandbox content process is compromised in Firefox before 66.0, it can initiate an FTP download which will then use a child process to render the...
CVE-2019-9799 | High | Yes | Information disclosure | Insufficient bounds checking of data during inter-process communication in Firefox before 66.0 might allow a compromised content process to be able to read...
CVE-2019-9797 | High | Yes | Same-origin policy bypass | Cross-origin images can be read in violation of the same-origin policy, in Firefox before 66.0, by exporting an image after using createImageBitmap to read...
CVE-2019-9796 | High | Yes | Arbitrary code execution | A use-after-free vulnerability can occur in Firefox before 66.0 when the SMIL animation controller incorrectly registers with the refresh driver twice when...
CVE-2019-9795 | High | Yes | Arbitrary code execution | A vulnerability has been found in Firefox before 66.0 where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by...
CVE-2019-9793 | High | Yes | Arbitrary code execution | A mechanism was discovered in Firefox before 66.0 that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have...
CVE-2019-9792 | Critical | Yes | Arbitrary code execution | The IonMonkey just-in-time (JIT) compiler in Firefox before 66.0 can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout....
CVE-2019-9791 | Critical | Yes | Arbitrary code execution | The type inference system in Firefox before 66.0 allows the compilation of functions that can cause type confusions between arbitrary objects when compiled...
CVE-2019-9790 | Critical | Yes | Arbitrary code execution | A use-after-free vulnerability can occur in Firefox before 66.0 when a raw pointer to a DOM element on a page is obtained using JavaScript and the element...
CVE-2019-9789 | Critical | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
CVE-2019-9788 | Critical | Yes | Arbitrary code execution | Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...