Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5164 | Cross-site Scripting vulnerability in multiple products Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. | 6.1 |
| 2018-06-11 | CVE-2018-5163 | Improper Preservation of Permissions vulnerability in multiple products If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. | 8.1 |
| 2018-06-11 | CVE-2018-5162 | Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through the src attribute of remote images, or links. | 7.5 |
| 2018-06-11 | CVE-2018-5161 | Improper Input Validation vulnerability in multiple products Crafted message headers can cause a Thunderbird process to hang on receiving the message. | 4.3 |
| 2018-06-11 | CVE-2018-5160 | Use of Uninitialized Resource vulnerability in multiple products WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. | 7.5 |
| 2018-06-11 | CVE-2018-5159 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. | 9.8 |
| 2018-06-11 | CVE-2018-5158 | Code Injection vulnerability in multiple products The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. | 8.8 |
| 2018-06-11 | CVE-2018-5157 | Origin Validation Error vulnerability in multiple products Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. | 7.5 |
| 2018-06-11 | CVE-2018-5155 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. | 9.8 |
| 2018-06-11 | CVE-2018-5154 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. | 9.8 |