Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-18 | CVE-2018-12382 | Improper Input Validation vulnerability in Mozilla Firefox 62.0 The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. | 5.3 |
| 2018-10-18 | CVE-2018-12381 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. | 5.3 |
| 2018-10-18 | CVE-2018-12379 | Out-of-bounds Write vulnerability in multiple products When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. | 7.8 |
| 2018-10-18 | CVE-2018-12378 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. | 9.8 |
| 2018-10-18 | CVE-2018-12377 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. | 9.8 |
| 2018-10-18 | CVE-2018-12376 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. | 9.8 |
| 2018-10-18 | CVE-2018-12375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 61. | 8.8 |
| 2018-10-18 | CVE-2018-12374 | Information Exposure vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. | 4.3 |
| 2018-10-18 | CVE-2018-12373 | Information Exposure vulnerability in multiple products dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. | 6.5 |
| 2018-10-18 | CVE-2018-12372 | Information Exposure vulnerability in multiple products Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. | 6.5 |