Vulnerabilities > Mozilla > Firefox > 44.0.2

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5172 Cross-site Scripting vulnerability in multiple products
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files.
4.3
2018-06-11 CVE-2018-5169 Improper Input Validation vulnerability in multiple products
If manipulated hyperlinked text containing a "chrome:" URL is dragged and dropped onto the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs.
4.3
2018-06-11 CVE-2018-5168 Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element.
network
low complexity
debian mozilla canonical redhat
5.0
2018-06-11 CVE-2018-5167 Improper Input Validation vulnerability in multiple products
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked.
4.3
2018-06-11 CVE-2018-5166 Improper Privilege Management vulnerability in multiple products
WebExtensions can use request redirection and a "filterResponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission.
network
low complexity
canonical mozilla CWE-269
5.0
2018-06-11 CVE-2018-5164 Cross-site Scripting vulnerability in multiple products
Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type.
4.3
2018-06-11 CVE-2018-5163 Improper Preservation of Permissions vulnerability in multiple products
If an attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code.
network
high complexity
canonical mozilla CWE-281
5.1
2018-06-11 CVE-2018-5160 Use After Free vulnerability in multiple products
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use.
network
low complexity
canonical mozilla CWE-416
5.0
2018-06-11 CVE-2018-5159 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes.
network
low complexity
debian redhat mozilla canonical CWE-190
7.5
2018-06-11 CVE-2018-5158 Code Injection vulnerability in multiple products
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file.
6.8