| 2019-02-28 | CVE-2018-12396 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. | 6.5 |
| 2019-02-28 | CVE-2018-12395 | By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. | 7.5 |
| 2019-02-28 | CVE-2018-12393 | Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. | 7.5 |
| 2019-02-28 | CVE-2018-12392 | When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. | 9.8 |
| 2019-02-28 | CVE-2018-12391 | Incorrect Authorization vulnerability in Mozilla Firefox
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. | 8.8 |
| 2019-02-28 | CVE-2018-12390 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. | 9.8 |
| 2019-02-28 | CVE-2018-12389 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. | 8.8 |
| 2019-02-28 | CVE-2018-12388 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62. | 8.8 |
| 2019-02-05 | CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. | 5.9 |
| 2019-02-05 | CVE-2018-18505 | Improper Authentication vulnerability in multiple products
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. | 10.0 |