Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox
(Mozilla)| Repositories |
• https://github.com/libevent/libevent
• https://github.com/khaledhosny/ots |
| #Vulnerabilities | 2544 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-21 | CVE-2011-2669 | Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | Firefox | N/A | ||
| 2020-01-21 | CVE-2011-2668 | Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header | Firefox | N/A | ||
| 2020-01-08 | CVE-2019-17008 | When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | Firefox, Firefox_esr, Thunderbird, Leap | N/A | ||
| 2020-01-13 | CVE-2011-2670 | Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets | Firefox | N/A | ||
| 2020-01-08 | CVE-2019-17025 | Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72. | Ubuntu_linux, Firefox | N/A | ||
| 2020-01-08 | CVE-2019-17022 | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist.... | Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
| 2020-01-08 | CVE-2019-17018 | When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. | Firefox | N/A | ||
| 2020-01-08 | CVE-2019-17017 | Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
| 2020-01-08 | CVE-2019-17016 | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
| 2020-01-08 | CVE-2019-17015 | During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | Firefox, Firefox_esr | N/A |