Vulnerabilities > Mozilla > Firefox > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-12399 Improper Authentication vulnerability in multiple products
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol.
network
low complexity
mozilla canonical CWE-287
4.3
2019-02-28 CVE-2018-12398 By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP).
network
low complexity
mozilla canonical
6.5
2019-02-28 CVE-2018-12396 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events.
network
low complexity
mozilla debian canonical redhat CWE-732
6.5
2019-02-05 CVE-2018-18506 When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server.
network
high complexity
mozilla canonical debian redhat opensuse
5.9
2019-02-04 CVE-2019-7317 Use After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3
2018-10-18 CVE-2018-12383 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible.
local
low complexity
redhat debian canonical mozilla CWE-522
5.5
2018-10-18 CVE-2018-12382 Improper Input Validation vulnerability in Mozilla Firefox 62.0
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right.
network
low complexity
mozilla CWE-20
5.3
2018-10-18 CVE-2018-12381 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL.
network
low complexity
mozilla CWE-610
5.3
2018-10-18 CVE-2018-12367 Improper Input Validation vulnerability in multiple products
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals.
network
low complexity
debian canonical mozilla CWE-20
4.3
2018-10-18 CVE-2018-12366 Out-of-bounds Read vulnerability in multiple products
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value.
network
low complexity
redhat debian canonical mozilla CWE-125
6.5