Vulnerabilities > Mozilla > Firefox > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-05 | CVE-2018-18502 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 64. | 9.8 |
| 2019-02-05 | CVE-2018-18504 | Out-of-bounds Read vulnerability in multiple products A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. | 9.8 |
| 2019-02-05 | CVE-2018-18505 | Improper Authentication vulnerability in multiple products An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. | 10.0 |
| 2018-10-18 | CVE-2018-12369 | Incorrect Authorization vulnerability in multiple products WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. | 9.8 |
| 2018-10-18 | CVE-2018-12376 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. | 9.8 |
| 2018-10-18 | CVE-2018-12377 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. | 9.8 |
| 2018-10-18 | CVE-2018-12378 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. | 9.8 |
| 2018-10-18 | CVE-2018-12387 | Improper Input Validation vulnerability in multiple products A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. | 9.1 |
| 2018-10-18 | CVE-2018-5156 | Improper Input Validation vulnerability in multiple products A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. | 9.8 |
| 2018-10-18 | CVE-2018-5186 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60. | 9.8 |