Vulnerabilities > Mozilla > Firefox > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-26 | CVE-2018-5124 | Cross-site Scripting vulnerability in Mozilla Firefox Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. | 6.1 |
2019-04-26 | CVE-2018-18511 | Information Exposure vulnerability in Mozilla Firefox 65.0 Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. | 4.3 |
2019-04-26 | CVE-2018-18510 | Unspecified vulnerability in Mozilla Firefox The about:crashcontent and about:crashparent pages can be triggered by web content. | 6.5 |
2019-02-28 | CVE-2018-18499 | Origin Validation Error vulnerability in Mozilla Firefox A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). | 6.5 |
2019-02-28 | CVE-2018-18497 | Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. | 6.5 |
2019-02-28 | CVE-2018-18495 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. | 6.5 |
2019-02-28 | CVE-2018-18494 | Origin Validation Error vulnerability in multiple products A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). | 6.5 |
2019-02-28 | CVE-2018-12403 | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. | 5.3 |
2019-02-28 | CVE-2018-12402 | Origin Validation Error vulnerability in multiple products The internal WebBrowserPersist code does not use correct origin context for a resource being saved. | 6.5 |
2019-02-28 | CVE-2018-12400 | Information Exposure vulnerability in Mozilla Firefox In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. | 5.3 |