CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mozilla » Firefox » 41.0 : Security Vulnerabilities (CVSS score >= 7)

Cpe Name:cpe:/a:mozilla:firefox:41.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-11752 416 2019-09-27 2019-10-04
9.3
None Remote Medium Not required Complete Complete Complete
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
2 CVE-2019-11740 119 Overflow Mem. Corr. 2019-09-27 2019-10-04
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
3 CVE-2019-11735 120 Mem. Corr. 2019-09-27 2019-10-05
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
4 CVE-2019-11734 120 Mem. Corr. 2019-09-27 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69.
5 CVE-2019-11716 20 Bypass 2019-07-23 2019-08-15
7.5
None Remote Low Not required Partial Partial Partial
Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68.
6 CVE-2019-11714 20 2019-07-23 2019-08-15
7.5
None Remote Low Not required Partial Partial Partial
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68.
7 CVE-2019-11713 416 2019-07-23 2019-07-29
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
8 CVE-2019-11710 119 Overflow Mem. Corr. 2019-07-23 2019-08-15
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68.
9 CVE-2019-11709 119 Overflow Mem. Corr. 2019-07-23 2019-07-29
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
10 CVE-2019-11708 20 2019-07-23 2019-08-15
10.0
None Remote Low Not required Complete Complete Complete
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
11 CVE-2019-11707 704 2019-07-23 2019-08-15
7.5
None Remote Low Not required Partial Partial Partial
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
12 CVE-2019-11693 119 Overflow 2019-07-23 2019-07-25
7.5
None Remote Low Not required Partial Partial Partial
The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
13 CVE-2019-11692 416 2019-07-23 2019-07-25
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
14 CVE-2019-11691 416 2019-07-23 2019-07-26
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
15 CVE-2019-9820 416 2019-07-23 2019-07-26
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
16 CVE-2019-9819 20 2019-07-23 2019-07-26
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
17 CVE-2019-9814 119 Overflow Mem. Corr. 2019-07-23 2019-07-26
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67.
18 CVE-2019-9805 119 Overflow Mem. Corr. 2019-04-26 2019-04-29
7.5
None Remote Low Not required Partial Partial Partial
A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.
19 CVE-2019-9804 78 Exec Code 2019-04-26 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.
20 CVE-2019-9800 119 Overflow Mem. Corr. 2019-07-23 2019-07-26
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
21 CVE-2019-9796 416 2019-04-26 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
22 CVE-2019-9795 704 2019-04-26 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
23 CVE-2019-9794 20 Exec Code 2019-04-26 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
24 CVE-2019-9792 119 Overflow Mem. Corr. 2019-04-26 2019-05-28
7.5
None Remote Low Not required Partial Partial Partial
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
25 CVE-2019-9791 20 2019-04-26 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
26 CVE-2019-9789 119 Overflow Mem. Corr. 2019-04-26 2019-04-26
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66.
27 CVE-2019-9788 119 Overflow Mem. Corr. 2019-04-26 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
28 CVE-2018-18505 287 2019-02-05 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
29 CVE-2018-18501 119 Overflow Mem. Corr. 2019-02-05 2019-04-02
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
30 CVE-2018-18500 416 2019-02-05 2019-04-02
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
31 CVE-2018-12392 2019-02-28 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
32 CVE-2018-12378 416 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
33 CVE-2018-12377 416 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
34 CVE-2018-12376 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
35 CVE-2018-12369 863 2018-10-18 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.
36 CVE-2018-12368 Exec Code 2018-10-18 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
37 CVE-2018-5188 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
38 CVE-2018-5187 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
39 CVE-2018-5186 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.
40 CVE-2018-5159 787 Overflow 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
41 CVE-2018-5156 20 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
42 CVE-2018-5155 416 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
43 CVE-2018-5154 416 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
44 CVE-2018-5151 119 Overflow Mem. Corr. 2018-06-11 2018-08-03
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.
45 CVE-2018-5150 119 Overflow Mem. Corr. 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
46 CVE-2018-5148 416 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.
47 CVE-2018-5147 787 2018-06-11 2018-08-14
7.5
None Remote Low Not required Partial Partial Partial
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
48 CVE-2018-5128 416 2018-06-11 2018-08-06
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59.
49 CVE-2018-5126 119 Overflow Mem. Corr. 2018-06-11 2018-08-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.
50 CVE-2018-5104 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
Total number of vulnerabilities : 140   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.