Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-12407 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module.
network
low complexity
mozilla canonical CWE-119
critical
9.8
2019-02-28 CVE-2018-12406 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63.
network
low complexity
mozilla canonical CWE-119
8.8
2019-02-28 CVE-2018-12405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2018-12403 If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users.
network
low complexity
mozilla canonical
5.3
2019-02-28 CVE-2018-12402 Origin Validation Error vulnerability in multiple products
The internal WebBrowserPersist code does not use correct origin context for a resource being saved.
network
low complexity
mozilla canonical CWE-346
6.5
2019-02-28 CVE-2018-12401 Improper Input Validation vulnerability in multiple products
Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string.
network
low complexity
mozilla canonical CWE-20
7.5
2019-02-28 CVE-2018-12400 Information Exposure vulnerability in Mozilla Firefox
In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode.
network
low complexity
mozilla CWE-200
5.3
2019-02-28 CVE-2018-12399 Improper Authentication vulnerability in multiple products
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol.
network
low complexity
mozilla canonical CWE-287
4.3
2019-02-28 CVE-2018-12398 By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP).
network
low complexity
mozilla canonical
6.5
2019-02-28 CVE-2018-12397 Information Exposure vulnerability in multiple products
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user.
local
low complexity
mozilla redhat debian canonical CWE-200
7.1