Vulnerabilities > Mozilla > Firefox > 63.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-28 | CVE-2018-18495 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. | 6.5 |
| 2019-02-28 | CVE-2018-18494 | Origin Validation Error vulnerability in multiple products A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). | 6.5 |
| 2019-02-28 | CVE-2018-18493 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. | 9.8 |
| 2019-02-28 | CVE-2018-18492 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. | 9.8 |
| 2019-02-28 | CVE-2018-12407 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. | 9.8 |
| 2019-02-28 | CVE-2018-12406 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 63. | 8.8 |
| 2019-02-28 | CVE-2018-12405 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. | 9.8 |
| 2019-02-05 | CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. | 5.9 |
| 2019-02-05 | CVE-2018-18505 | Improper Authentication vulnerability in multiple products An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. | 10.0 |
| 2019-02-05 | CVE-2018-18504 | Out-of-bounds Read vulnerability in multiple products A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. | 9.8 |