Firefox

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-04	CVE-2019-7317	Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. network high complexity libpng debian canonical oracle hpe hp mozilla opensuse netapp redhat CWE-416	5.3
2018-10-18	CVE-2018-5188	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. network low complexity debian canonical mozilla redhat CWE-119 critical	9.8
2018-10-18	CVE-2018-5187	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60 and Firefox ESR 60. network low complexity debian canonical mozilla CWE-119 critical	9.8
2018-10-18	CVE-2018-5186	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60. network low complexity mozilla canonical CWE-119 critical	9.8
2018-10-18	CVE-2018-5156	Improper Input Validation vulnerability in multiple products A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. network low complexity redhat debian canonical mozilla CWE-20 critical	9.8
2018-10-18	CVE-2018-12387	Improper Input Validation vulnerability in multiple products A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. network low complexity redhat debian canonical mozilla CWE-20 critical	9.1
2018-10-18	CVE-2018-12386	Incorrect Type Conversion or Cast vulnerability in multiple products A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. network low complexity redhat debian canonical mozilla CWE-704	8.1
2018-10-18	CVE-2018-12385	Improper Input Validation vulnerability in multiple products A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. local high complexity redhat debian canonical mozilla CWE-20	7.0
2018-10-18	CVE-2018-12383	Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. local low complexity redhat debian canonical mozilla CWE-522	5.5
2018-10-18	CVE-2018-12382	Improper Input Validation vulnerability in Mozilla Firefox 62.0 The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. network low complexity mozilla CWE-20	5.3