Vulnerabilities > Mozilla > Firefox ESR > 60.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-28 | CVE-2018-18492 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. | 9.8 |
| 2019-02-28 | CVE-2018-12405 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. | 9.8 |
| 2019-02-28 | CVE-2018-12397 | Information Exposure vulnerability in multiple products A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. | 7.1 |
| 2019-02-28 | CVE-2018-12396 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. | 6.5 |
| 2019-02-28 | CVE-2018-12395 | By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. | 7.5 |
| 2019-02-28 | CVE-2018-12392 | When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. | 9.8 |
| 2019-02-28 | CVE-2018-12391 | Incorrect Authorization vulnerability in Mozilla Firefox During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. | 8.8 |
| 2019-02-28 | CVE-2018-12390 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. | 9.8 |
| 2019-02-28 | CVE-2018-12389 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. | 8.8 |
| 2019-02-05 | CVE-2018-18505 | Improper Authentication vulnerability in multiple products An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. | 10.0 |