Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-18 | CVE-2018-12360 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. | 8.8 |
| 2018-10-18 | CVE-2018-12359 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. | 8.8 |
| 2018-10-18 | CVE-2018-12358 | Information Exposure vulnerability in multiple products Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. | 4.3 |
| 2018-10-18 | CVE-2016-9069 | Use After Free vulnerability in Mozilla Firefox A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. | 7.8 |
| 2018-08-01 | CVE-2016-8635 | It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. | 5.9 |
| 2018-07-19 | CVE-2016-9574 | Session Fixation vulnerability in Mozilla Network Security Services nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. | 5.9 |
| 2018-07-12 | CVE-2018-8024 | Information Exposure vulnerability in multiple products In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. | 5.4 |
| 2018-06-11 | CVE-2018-5185 | Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form. | 6.5 |
| 2018-06-11 | CVE-2018-5184 | Inadequate Encryption Strength vulnerability in multiple products Using remote content in encrypted messages can lead to the disclosure of plaintext. | 7.5 |
| 2018-06-11 | CVE-2018-5183 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers backported selected changes in the Skia library. | 9.8 |