Vulnerabilities > Mozilla > Firefox > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2018-5105 | WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. | 7.8 |
2018-06-11 | CVE-2018-5101 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. | 7.5 |
2018-06-11 | CVE-2018-5100 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. | 7.5 |
2018-06-11 | CVE-2018-5094 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. | 7.5 |
2018-06-11 | CVE-2018-5093 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. | 7.5 |
2018-06-11 | CVE-2017-7845 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. | 8.8 |
2018-06-11 | CVE-2017-7843 | Information Exposure vulnerability in multiple products When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. | 7.5 |
2018-06-11 | CVE-2017-7836 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. | 7.8 |
2018-06-11 | CVE-2017-7835 | Unspecified vulnerability in Mozilla Firefox Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. | 7.3 |
2018-06-11 | CVE-2017-7814 | Improper Input Validation vulnerability in multiple products File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. | 7.8 |