Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5136 Improper Input Validation vulnerability in multiple products
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy.
network
low complexity
canonical mozilla CWE-20
7.5
2018-06-11 CVE-2018-5135 Missing Authorization vulnerability in Mozilla Firefox
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages.
network
low complexity
mozilla CWE-862
7.5
2018-06-11 CVE-2018-5134 Information Exposure vulnerability in Mozilla Firefox
WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content.
network
low complexity
mozilla CWE-200
7.5
2018-06-11 CVE-2018-5130 Improper Input Validation vulnerability in multiple products
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.
network
low complexity
debian redhat canonical mozilla CWE-20
8.8
2018-06-11 CVE-2018-5129 Out-of-bounds Write vulnerability in multiple products
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages.
network
low complexity
debian mozilla redhat canonical CWE-787
8.6
2018-06-11 CVE-2018-5127 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script.
network
low complexity
redhat debian canonical mozilla CWE-119
8.8
2018-06-11 CVE-2018-5125 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6.
network
low complexity
canonical redhat debian mozilla CWE-119
8.8
2018-06-11 CVE-2018-5115 Information Exposure vulnerability in multiple products
If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page.
network
low complexity
mozilla canonical CWE-200
7.5
2018-06-11 CVE-2018-5113 Missing Authorization vulnerability in multiple products
The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced.
network
low complexity
mozilla canonical CWE-862
7.5
2018-06-11 CVE-2018-5112 Files or Directories Accessible to External Parties vulnerability in multiple products
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances.
network
low complexity
mozilla canonical CWE-552
7.5