Vulnerabilities > Mozilla > Firefox > 59.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5173 | Improper Input Validation vulnerability in multiple products The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. | 5.0 |
| 2018-06-11 | CVE-2018-5172 | Cross-site Scripting vulnerability in multiple products The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. | 4.3 |
| 2018-06-11 | CVE-2018-5169 | Improper Input Validation vulnerability in multiple products If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. | 4.3 |
| 2018-06-11 | CVE-2018-5168 | Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. | 5.0 |
| 2018-06-11 | CVE-2018-5167 | Improper Input Validation vulnerability in multiple products The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. | 4.3 |
| 2018-06-11 | CVE-2018-5166 | Improper Privilege Management vulnerability in multiple products WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. | 5.0 |
| 2018-06-11 | CVE-2018-5164 | Cross-site Scripting vulnerability in multiple products Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. | 4.3 |
| 2018-06-11 | CVE-2018-5163 | Improper Preservation of Permissions vulnerability in multiple products If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. | 5.1 |
| 2018-06-11 | CVE-2018-5160 | Use After Free vulnerability in multiple products WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. | 5.0 |
| 2018-06-11 | CVE-2018-5159 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. | 7.5 |