Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5174 Unspecified vulnerability in Mozilla products
In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI.
network
low complexity
mozilla
7.5
2018-06-11 CVE-2018-5166 Improper Privilege Management vulnerability in multiple products
WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission.
network
low complexity
canonical mozilla CWE-269
7.5
2018-06-11 CVE-2018-5163 Improper Preservation of Permissions vulnerability in multiple products
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code.
network
high complexity
canonical mozilla CWE-281
8.1
2018-06-11 CVE-2018-5160 Use of Uninitialized Resource vulnerability in multiple products
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use.
network
low complexity
canonical mozilla CWE-908
7.5
2018-06-11 CVE-2018-5158 Code Injection vulnerability in multiple products
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file.
network
low complexity
debian redhat mozilla canonical CWE-94
8.8
2018-06-11 CVE-2018-5157 Origin Validation Error vulnerability in multiple products
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer.
network
low complexity
redhat debian canonical mozilla CWE-346
7.5
2018-06-11 CVE-2018-5153 Out-of-bounds Read vulnerability in multiple products
If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted.
network
low complexity
mozilla canonical CWE-125
7.5
2018-06-11 CVE-2018-5146 Out-of-bounds Write vulnerability in multiple products
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.
network
low complexity
redhat debian canonical mozilla CWE-787
8.8
2018-06-11 CVE-2018-5141 Improper Input Validation vulnerability in multiple products
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction.
network
low complexity
mozilla canonical CWE-20
8.2
2018-06-11 CVE-2018-5137 Information Exposure vulnerability in multiple products
A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script.
network
low complexity
mozilla canonical CWE-200
7.5