Vulnerabilities > Mozilla > Firefox > 44.0.2

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-12358 Information Exposure vulnerability in multiple products
Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque.
4.3
2018-10-18 CVE-2016-9069 Use After Free vulnerability in Mozilla Firefox
A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes.
network
mozilla CWE-416
6.8
2018-06-11 CVE-2018-5182 Information Exposure vulnerability in multiple products
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened.
network
low complexity
canonical mozilla CWE-200
5.0
2018-06-11 CVE-2018-5181 Information Exposure vulnerability in multiple products
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy.
network
low complexity
canonical mozilla CWE-200
5.0
2018-06-11 CVE-2018-5180 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur during WebGL operations.
network
low complexity
mozilla canonical CWE-416
5.0
2018-06-11 CVE-2018-5177 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs.
network
low complexity
canonical mozilla CWE-119
5.0
2018-06-11 CVE-2018-5176 Improper Input Validation vulnerability in multiple products
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links.
4.3
2018-06-11 CVE-2018-5175 Cross-site Scripting vulnerability in multiple products
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'".
4.3
2018-06-11 CVE-2018-5174 Unspecified vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI.
network
low complexity
mozilla microsoft
5.0
2018-06-11 CVE-2018-5173 Improper Input Validation vulnerability in multiple products
The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed.
network
low complexity
canonical mozilla CWE-20
5.0