Vulnerabilities > Mozilla > Firefox > 61.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-28 | CVE-2018-12407 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. | 7.5 |
| 2019-02-28 | CVE-2018-12406 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 63. | 6.8 |
| 2019-02-28 | CVE-2018-12405 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. | 7.5 |
| 2019-02-28 | CVE-2018-12403 | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. | 5.0 |
| 2019-02-28 | CVE-2018-12402 | Origin Validation Error vulnerability in multiple products The internal WebBrowserPersist code does not use correct origin context for a resource being saved. | 4.3 |
| 2019-02-28 | CVE-2018-12401 | Improper Input Validation vulnerability in multiple products Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. | 5.0 |
| 2019-02-28 | CVE-2018-12400 | Information Exposure vulnerability in Mozilla Firefox In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. | 5.0 |
| 2019-02-28 | CVE-2018-12399 | Improper Authentication vulnerability in multiple products When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. | 4.3 |
| 2019-02-28 | CVE-2018-12398 | By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). | 4.3 |
| 2019-02-28 | CVE-2018-12397 | Information Exposure vulnerability in Mozilla Firefox and Firefox ESR A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. | 3.6 |