3.0.5

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-28	CVE-2018-12405	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. network low complexity mozilla canonical debian redhat CWE-119	7.5
2019-02-28	CVE-2018-12403	If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. network low complexity mozilla canonical	5.0
2019-02-28	CVE-2018-12402	Origin Validation Error vulnerability in multiple products The internal WebBrowserPersist code does not use correct origin context for a resource being saved. network mozilla canonical CWE-346	4.3
2019-02-28	CVE-2018-12401	Improper Input Validation vulnerability in multiple products Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. network low complexity mozilla canonical CWE-20	5.0
2019-02-28	CVE-2018-12400	Information Exposure vulnerability in Mozilla Firefox In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. network low complexity mozilla google CWE-200	5.0
2019-02-28	CVE-2018-12399	Improper Authentication vulnerability in multiple products When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. network mozilla canonical CWE-287	4.3
2019-02-28	CVE-2018-12398	By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). network mozilla canonical	4.3
2019-02-28	CVE-2018-12397	Information Exposure vulnerability in Mozilla Firefox and Firefox ESR A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. local low complexity mozilla redhat debian canonical CWE-200	3.6
2019-02-28	CVE-2018-12396	Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox and Firefox ESR A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. network mozilla debian canonical redhat CWE-732	4.3
2019-02-28	CVE-2018-12395	Unspecified vulnerability in Mozilla Firefox and Firefox ESR By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. network low complexity mozilla debian canonical redhat	5.0