Vulnerabilities > Mozilla > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-18493 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
 9.8
9.8
2019-02-28 CVE-2018-18492 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.
network
low complexity
mozilla debian canonical redhat CWE-416
critical
 9.8
9.8
2019-02-28 CVE-2018-12407 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module.
network
low complexity
mozilla canonical CWE-119
critical
 9.8
9.8
2019-02-28 CVE-2018-12405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
 9.8
9.8
2019-02-28 CVE-2018-12392 When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.
network
low complexity
mozilla debian canonical redhat
critical
 9.8
9.8
2019-02-28 CVE-2018-12390 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
 9.8
9.8
2019-02-05 CVE-2018-18505 Improper Authentication vulnerability in multiple products
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation.
network
low complexity
mozilla canonical debian redhat CWE-287
critical
 10.0
10
2019-02-05 CVE-2018-18504 Out-of-bounds Read vulnerability in multiple products
A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations.
network
low complexity
mozilla canonical CWE-125
critical
 9.8
9.8
2019-02-05 CVE-2018-18502 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 64.
network
low complexity
mozilla canonical CWE-119
critical
 9.8
9.8
2019-02-05 CVE-2018-18501 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4.
network
low complexity
mozilla canonical debian redhat CWE-119
critical
 9.8
9.8