Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5108 Information Exposure vulnerability in multiple products
A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab.
network
low complexity
mozilla canonical CWE-200
4.3
2018-06-11 CVE-2018-5107 Link Following vulnerability in multiple products
The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions.
network
low complexity
mozilla canonical CWE-59
5.3
2018-06-11 CVE-2018-5106 Information Exposure vulnerability in multiple products
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open.
network
low complexity
mozilla canonical CWE-200
5.3
2018-06-11 CVE-2018-5105 WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file.
local
low complexity
mozilla canonical
7.8
2018-06-11 CVE-2018-5104 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash.
network
low complexity
debian redhat mozilla canonical CWE-416
critical
9.8
2018-06-11 CVE-2018-5103 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support.
network
low complexity
debian redhat mozilla canonical CWE-416
critical
9.8
2018-06-11 CVE-2018-5102 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash.
network
low complexity
debian redhat mozilla canonical CWE-416
critical
9.8
2018-06-11 CVE-2018-5101 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-416
7.5
2018-06-11 CVE-2018-5100 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts.
network
low complexity
mozilla canonical CWE-416
7.5
2018-06-11 CVE-2018-5099 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used.
network
low complexity
debian redhat mozilla canonical CWE-416
critical
9.8