Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla firefox esr vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-11712
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an malicious user to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, ...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
9.8
CVSSv3
CVE-2019-11713
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Mozilla Firefox Esr
Mozilla Firefox
Mozilla Thunderbird
6.1
CVSSv3
CVE-2019-11715
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
6.5
CVSSv3
CVE-2019-11742
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
3.7
CVSSv3
CVE-2019-11743
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin infor...
Mozilla Thunderbird
Mozilla Firefox
Mozilla Firefox Esr
6.1
CVSSv3
CVE-2019-11744
Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if...
Mozilla Thunderbird
Mozilla Firefox Esr
Mozilla Firefox
8.8
CVSSv3
CVE-2019-11746
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, an...
Mozilla Thunderbird
Mozilla Firefox
Mozilla Firefox Esr
8.8
CVSSv3
CVE-2019-11752
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 6...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
6.5
CVSSv3
CVE-2023-4577
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thund...
Mozilla Thunderbird
Mozilla Firefox
Mozilla Firefox Esr
6.5
CVSSv3
CVE-2023-4580
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Mozilla Thunderbird
Mozilla Firefox
Mozilla Firefox Esr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »