Vulnerabilities > Mozilla > Firefox > 20.0.1

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-18495 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions.
4.3
2019-02-28 CVE-2018-18494 Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR
A same-origin policy violation allows the theft of cross-origin URL entries through performance.getEntries() when the JavaScript location property is used to cause a redirection to another site.
4.3
2019-02-28 CVE-2018-18493 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.
network
low complexity
mozilla debian canonical redhat CWE-119
7.5
2019-02-28 CVE-2018-18492 Use After Free vulnerability in Mozilla Firefox and Firefox ESR
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.
network
low complexity
mozilla debian canonical redhat CWE-416
7.5
2019-02-28 CVE-2018-12407 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module.
network
low complexity
mozilla canonical CWE-119
7.5
2019-02-28 CVE-2018-12406 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63.
6.8
2019-02-28 CVE-2018-12405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3.
network
low complexity
mozilla canonical debian redhat CWE-119
7.5
2019-02-28 CVE-2018-12403 If a site is loaded over an HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users.
network
low complexity
mozilla canonical
5.0
2019-02-28 CVE-2018-12402 Origin Validation Error vulnerability in multiple products
The internal WebBrowserPersist code does not use correct origin context for a resource being saved.
4.3
2019-02-28 CVE-2018-12401 Improper Input Validation vulnerability in multiple products
Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string.
network
low complexity
mozilla canonical CWE-20
5.0