Vulnerabilities > Mozilla > Firefox > 44.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5136 | Improper Input Validation vulnerability in multiple products A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. | 7.5 |
| 2018-06-11 | CVE-2018-5135 | Missing Authorization vulnerability in Mozilla Firefox WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. | 7.5 |
| 2018-06-11 | CVE-2018-5134 | Information Exposure vulnerability in Mozilla Firefox WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. | 7.5 |
| 2018-06-11 | CVE-2018-5133 | Information Exposure vulnerability in multiple products If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. | 6.5 |
| 2018-06-11 | CVE-2018-5132 | Information Exposure vulnerability in multiple products The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. | 6.5 |
| 2018-06-11 | CVE-2018-5131 | Information Exposure vulnerability in multiple products Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. | 5.9 |
| 2018-06-11 | CVE-2018-5130 | Improper Input Validation vulnerability in multiple products When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. | 8.8 |
| 2018-06-11 | CVE-2018-5129 | Out-of-bounds Write vulnerability in multiple products A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. | 8.6 |
| 2018-06-11 | CVE-2018-5128 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. | 9.8 |
| 2018-06-11 | CVE-2018-5127 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. | 8.8 |