Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5105 WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file.
local
low complexity
mozilla canonical
7.8
2018-06-11 CVE-2018-5101 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-416
7.5
2018-06-11 CVE-2018-5100 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts.
network
low complexity
mozilla canonical CWE-416
7.5
2018-06-11 CVE-2018-5094 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized.
network
low complexity
mozilla canonical CWE-119
7.5
2018-06-11 CVE-2018-5093 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-119
7.5
2018-06-11 CVE-2017-7845 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content.
network
low complexity
mozilla CWE-119
8.8
2018-06-11 CVE-2017-7843 Information Exposure vulnerability in multiple products
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely.
network
low complexity
debian mozilla redhat CWE-200
7.5
2018-06-11 CVE-2017-7836 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace.
local
low complexity
mozilla CWE-427
7.8
2018-06-11 CVE-2017-7835 Unspecified vulnerability in Mozilla Firefox
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.
network
low complexity
mozilla
7.3
2018-06-11 CVE-2017-7814 Improper Input Validation vulnerability in multiple products
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files.
local
low complexity
redhat mozilla debian CWE-20
7.8