Vulnerabilities > Mozilla > Firefox > 3.0

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-18499 Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries().
network
mozilla CWE-346
4.3
2019-02-28 CVE-2018-18498 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value.
network
low complexity
mozilla debian canonical redhat CWE-190
7.5
2019-02-28 CVE-2018-18497 Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument.
network
mozilla canonical
4.3
2019-02-28 CVE-2018-18496 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory.
6.8
2019-02-28 CVE-2018-18495 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions.
4.3
2019-02-28 CVE-2018-18494 Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries().
4.3
2019-02-28 CVE-2018-18493 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.
network
low complexity
mozilla debian canonical redhat CWE-119
7.5
2019-02-28 CVE-2018-18492 Use After Free vulnerability in Mozilla Firefox and Firefox ESR
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.
network
low complexity
mozilla debian canonical redhat CWE-416
7.5
2019-02-28 CVE-2018-12407 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module.
network
low complexity
mozilla canonical CWE-119
7.5
2019-02-28 CVE-2018-12406 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63.
6.8