Vulnerabilities > Mozilla > Firefox > 21.0

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-12395 Unspecified vulnerability in Mozilla Firefox and Firefox ESR
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting.
network
low complexity
mozilla debian canonical redhat
5.0
2019-02-28 CVE-2018-12392 Unspecified vulnerability in Mozilla Firefox and Firefox ESR
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.
network
low complexity
mozilla debian canonical redhat
7.5
2019-02-28 CVE-2018-12391 Incorrect Authorization vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies.
network
mozilla google CWE-863
critical
9.3
2019-02-28 CVE-2018-12390 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
7.5
2019-02-28 CVE-2018-12388 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62.
6.8
2019-02-05 CVE-2018-18506 When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server.
network
high complexity
mozilla canonical debian redhat opensuse
5.9
2019-02-05 CVE-2018-18505 Improper Authentication vulnerability in Mozilla Firefox and Firefox ESR
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation.
network
low complexity
mozilla canonical debian redhat CWE-287
7.5
2019-02-05 CVE-2018-18504 Out-of-bounds Read vulnerability in multiple products
A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations.
network
low complexity
mozilla canonical CWE-125
7.5
2019-02-05 CVE-2018-18503 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations.
6.8
2019-02-05 CVE-2018-18502 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 64.
network
low complexity
mozilla canonical CWE-119
critical
10.0