Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, cause denial of service, spoof user interface, perform cross-site scripting attack, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. A type confusion vulnerability can be exploited remotely to bypass security restrictions;
2. A cross-origin resource sharing vulnerability can be exploited remotely via a canvas to obtain sensitive information;
3. A use-after-free vulnerability in crash generation server can be exploited remotely to cause denial of service or bypass security restrictions;
4. A compartment mismatch vulnerability can be exploited to cause denial of service;
5. A use-after-free vulnerability in the chrome event handler can be exploited to cause denial of service;
6. A use-after-free vulnerability in AssertWorkerThread can be exploited to cause denial of service;
7. A use-after-free vulnerability in XMLHttpRequest can be exploited to cause denial of service;
8. A use-after-free vulnerability in the event listener manager can be exploited to cause denial of service;
9. A use-after-free vulnerability in the png_image_free function in the libpng library can be exploited to cause denial of service;
10. A memory leakage vulnerability in the Windows sandbox can be exploited to obtain sensitive information;
11. An unspecified vulnerability can be exploited remotely via specially crafted website to spoof user interface;
12. An unspecified vulnerability can be exploited remotely via drag and drop of hyperlinks to and from bookmarks to obtain sensitive information;
13. An unspecified vulnerability can be exploited to spoof user interface;
14. An unspecified vulnerability can be exploited to perform cross-site scripting attacks;
15. Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code.

Mozilla Firefox earlier than 67

Update to the latest version

mfsa2019-13