Vulnerabilities > Mozilla > Firefox > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-15 | CVE-2017-7773 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. | 8.8 |
| 2019-04-15 | CVE-2017-7771 | Out-of-bounds Read vulnerability in multiple products Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. | 8.1 |
| 2019-04-12 | CVE-2017-7772 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. | 8.8 |
| 2019-02-28 | CVE-2018-18496 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. | 8.8 |
| 2019-02-28 | CVE-2018-12406 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 63. | 8.8 |
| 2019-02-28 | CVE-2018-12401 | Improper Input Validation vulnerability in multiple products Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. | 7.5 |
| 2019-02-28 | CVE-2018-12397 | Information Exposure vulnerability in multiple products A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. | 7.1 |
| 2019-02-28 | CVE-2018-12395 | By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. | 7.5 |
| 2019-02-28 | CVE-2018-12393 | Integer Overflow or Wraparound vulnerability in multiple products A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. | 7.5 |
| 2019-02-28 | CVE-2018-12391 | Incorrect Authorization vulnerability in Mozilla Firefox During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. | 8.8 |