Vulnerabilities > Mozilla > Firefox > 20.0.1

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5160 Use After Free vulnerability in multiple products
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use.
network
low complexity
canonical mozilla CWE-416
5.0
2018-06-11 CVE-2018-5159 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes.
network
low complexity
debian redhat mozilla canonical CWE-190
7.5
2018-06-11 CVE-2018-5158 Code Injection vulnerability in multiple products
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file.
6.8
2018-06-11 CVE-2018-5157 Information Exposure vulnerability in multiple products
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer.
network
low complexity
redhat debian canonical mozilla CWE-200
5.0
2018-06-11 CVE-2018-5155 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths.
network
low complexity
debian redhat mozilla canonical CWE-416
7.5
2018-06-11 CVE-2018-5154 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths.
network
low complexity
debian redhat mozilla canonical CWE-416
7.5
2018-06-11 CVE-2018-5153 Out-of-bounds Read vulnerability in multiple products
If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted.
network
low complexity
mozilla canonical CWE-125
5.0
2018-06-11 CVE-2018-5152 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API.
4.3
2018-06-11 CVE-2018-5151 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 59.
network
low complexity
mozilla canonical CWE-119
critical
10.0
2018-06-11 CVE-2018-5150 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7.
network
low complexity
debian redhat mozilla canonical CWE-119
7.5