Vulnerabilities > Mozilla > Firefox > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2018-5124 Cross-site Scripting vulnerability in Mozilla Firefox
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
network
low complexity
mozilla CWE-79
6.1
2019-04-26 CVE-2018-18511 Information Exposure vulnerability in Mozilla Firefox 65.0
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method.
network
low complexity
mozilla CWE-200
4.3
2019-04-26 CVE-2018-18510 Unspecified vulnerability in Mozilla Firefox
The about:crashcontent and about:crashparent pages can be triggered by web content.
network
low complexity
mozilla
6.5
2019-02-28 CVE-2018-18499 Origin Validation Error vulnerability in Mozilla Firefox
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries().
network
low complexity
mozilla CWE-346
6.5
2019-02-28 CVE-2018-18497 Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument.
network
low complexity
mozilla canonical
6.5
2019-02-28 CVE-2018-18495 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions.
network
low complexity
mozilla canonical CWE-732
6.5
2019-02-28 CVE-2018-18494 Origin Validation Error vulnerability in multiple products
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries().
network
low complexity
mozilla debian canonical redhat CWE-346
6.5
2019-02-28 CVE-2018-12403 If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users.
network
low complexity
mozilla canonical
5.3
2019-02-28 CVE-2018-12402 Origin Validation Error vulnerability in multiple products
The internal WebBrowserPersist code does not use correct origin context for a resource being saved.
network
low complexity
mozilla canonical CWE-346
6.5
2019-02-28 CVE-2018-12400 Information Exposure vulnerability in Mozilla Firefox
In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode.
network
low complexity
mozilla CWE-200
5.3