Vulnerabilities > Mozilla > Firefox > 2.0.0.17
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-28 | CVE-2018-12405 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. | 7.5 |
2019-02-28 | CVE-2018-12403 | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. | 5.0 |
2019-02-28 | CVE-2018-12402 | Origin Validation Error vulnerability in multiple products The internal WebBrowserPersist code does not use correct origin context for a resource being saved. | 4.3 |
2019-02-28 | CVE-2018-12401 | Improper Input Validation vulnerability in multiple products Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. | 5.0 |
2019-02-28 | CVE-2018-12400 | Information Exposure vulnerability in Mozilla Firefox In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. | 5.0 |
2019-02-28 | CVE-2018-12399 | Improper Authentication vulnerability in multiple products When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. | 4.3 |
2019-02-28 | CVE-2018-12398 | By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). | 4.3 |
2019-02-28 | CVE-2018-12397 | Information Exposure vulnerability in Mozilla Firefox and Firefox ESR A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. | 3.6 |
2019-02-28 | CVE-2018-12396 | Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox and Firefox ESR A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. | 4.3 |
2019-02-28 | CVE-2018-12395 | Unspecified vulnerability in Mozilla Firefox and Firefox ESR By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. | 5.0 |