Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Firefox_esr
(Mozilla)Repositories | https://github.com/libevent/libevent |
#Vulnerabilities | 744 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-06-11 | CVE-2016-9079 | A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. | Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Tor | 7.5 | ||
2019-07-23 | CVE-2019-11707 | A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2019-07-23 | CVE-2019-11708 | Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2. | Firefox, Firefox_esr, Thunderbird | 10.0 | ||
2020-03-02 | CVE-2019-17026 | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2020-04-24 | CVE-2020-6819 | Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. | Firefox, Firefox_esr, Thunderbird | 8.1 | ||
2020-04-24 | CVE-2020-6820 | Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. | Firefox, Firefox_esr, Thunderbird | 8.1 | ||
2023-06-02 | CVE-2023-32207 | A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2022-12-22 | CVE-2022-26485 | Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. | Firefox, Firefox_esr, Firefox_focus, Thunderbird | 8.8 | ||
2022-12-22 | CVE-2022-26486 | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. | Firefox, Firefox_esr, Firefox_focus, Thunderbird | 9.6 | ||
2023-06-02 | CVE-2023-23602 | A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | Firefox, Firefox_esr, Thunderbird | 6.5 |