Vulnerabilities > Mozilla > Firefox > 0.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5181 | Information Exposure vulnerability in multiple products If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. | 5.0 |
| 2018-06-11 | CVE-2018-5180 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur during WebGL operations. | 5.0 |
| 2018-06-11 | CVE-2018-5177 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. | 5.0 |
| 2018-06-11 | CVE-2018-5176 | Improper Input Validation vulnerability in multiple products The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. | 4.3 |
| 2018-06-11 | CVE-2018-5175 | Cross-site Scripting vulnerability in multiple products A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". | 4.3 |
| 2018-06-11 | CVE-2018-5174 | Unspecified vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. | 5.0 |
| 2018-06-11 | CVE-2018-5173 | Improper Input Validation vulnerability in multiple products The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. | 5.0 |
| 2018-06-11 | CVE-2018-5172 | Cross-site Scripting vulnerability in multiple products The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. | 4.3 |
| 2018-06-11 | CVE-2018-5169 | Improper Input Validation vulnerability in multiple products If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. | 4.3 |
| 2018-06-11 | CVE-2018-5168 | Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. | 5.0 |