Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-28 | CVE-2018-12395 | By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. | 7.5 |
| 2019-02-28 | CVE-2018-12393 | Integer Overflow or Wraparound vulnerability in multiple products A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. | 7.5 |
| 2019-02-28 | CVE-2018-12392 | When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. | 9.8 |
| 2019-02-28 | CVE-2018-12390 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. | 9.8 |
| 2019-02-28 | CVE-2018-12389 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. | 8.8 |
| 2019-02-28 | CVE-2018-12388 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 62. | 8.8 |
| 2019-02-28 | CVE-2019-1999 | Double Free vulnerability in multiple products In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. | 7.8 |
| 2019-02-28 | CVE-2019-9209 | Off-by-one Error vulnerability in multiple products In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. | 5.5 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
| 2019-02-27 | CVE-2019-9210 | Integer Overflow or Wraparound vulnerability in multiple products In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. | 7.8 |