Vulnerabilities > Mozilla > Firefox > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-28 | CVE-2018-12399 | Improper Authentication vulnerability in multiple products When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. | 4.3 |
2019-02-28 | CVE-2018-12398 | By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). | 6.5 |
2019-02-28 | CVE-2018-12396 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. | 6.5 |
2019-02-05 | CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. | 5.9 |
2019-02-04 | CVE-2019-7317 | Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | 5.3 |
2018-10-18 | CVE-2018-12383 | Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 5.5 |
2018-10-18 | CVE-2018-12382 | Improper Input Validation vulnerability in Mozilla Firefox 62.0 The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. | 5.3 |
2018-10-18 | CVE-2018-12381 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. | 5.3 |
2018-10-18 | CVE-2018-12367 | Improper Input Validation vulnerability in multiple products In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. | 4.3 |
2018-10-18 | CVE-2018-12366 | Out-of-bounds Read vulnerability in multiple products An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. | 6.5 |