Vulnerability Database

The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities that security analysts and researchers can use to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are used by our vulnerability management tool Nexpose and are provided here for additional visibility.



MFSA2019-07 Firefox: Security vulnerabilities fixed in Firefox 66 (CVE-2019-9803) Vulnerability

  • Severity: 4
  • Published: March 19, 2019

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-...

MFSA2019-07 Firefox: Security vulnerabilities fixed in Firefox 66 (CVE-2019-9789) Vulnerability

  • Severity: 4
  • Published: March 19, 2019

Mozilla developers and community members Dragana Damjanovic, Emilio Cobos Álvarez, Henri Sivonen, Narcis Beleuzu, Julian Seward, Marcia Knous, Gary Kwong, Tyson Smith, Yaron Tausky, Ronald Crane, and André Bargull reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume tha...

MFSA2019-07 Firefox: Security vulnerabilities fixed in Firefox 66 (CVE-2019-9802) Vulnerability

  • Severity: 4
  • Published: March 19, 2019

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allowing for a potential memory read of adjacent...

MFSA2019-07 Firefox: Security vulnerabilities fixed in Firefox 66 (CVE-2019-9808) Vulnerability

  • Severity: 4
  • Published: March 19, 2019

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requester, leading to user confusion about which site is asking for this permission.

MFSA2019-08 Firefox: Security vulnerabilities fixed in Firefox ESR 60.6 (CVE-2019-9793) Vulnerability

  • Severity: 4
  • Published: March 19, 2019

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances whe...