Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-15 CVE-2017-7776 Out-of-bounds Read vulnerability in multiple products
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
network
low complexity
mozilla sil CWE-125
8.1
2019-04-15 CVE-2017-7773 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
network
low complexity
mozilla sil CWE-119
8.8
2019-04-15 CVE-2017-7771 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
network
low complexity
mozilla sil CWE-125
8.1
2019-04-12 CVE-2017-7772 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
network
low complexity
mozilla sil CWE-119
8.8
2019-02-28 CVE-2018-18496 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory.
network
low complexity
mozilla CWE-1021
8.8
2019-02-28 CVE-2018-12406 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63.
network
low complexity
mozilla canonical CWE-119
8.8
2019-02-28 CVE-2018-12401 Improper Input Validation vulnerability in multiple products
Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string.
network
low complexity
mozilla canonical CWE-20
7.5
2019-02-28 CVE-2018-12397 Information Exposure vulnerability in multiple products
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user.
local
low complexity
mozilla redhat debian canonical CWE-200
7.1
2019-02-28 CVE-2018-12395 By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting.
network
low complexity
mozilla debian canonical redhat
7.5
2019-02-28 CVE-2018-12393 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion.
network
low complexity
mozilla debian canonical redhat CWE-190
7.5