Vulnerabilities > Mozilla > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-12387 Improper Input Validation vulnerability in multiple products
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout.
network
low complexity
redhat debian canonical mozilla CWE-20
critical
 9.1
9.1
2018-10-18 CVE-2018-12378 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored.
network
low complexity
redhat debian canonical mozilla CWE-416
critical
 9.8
9.8
2018-10-18 CVE-2018-12377 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use.
network
low complexity
redhat debian canonical mozilla CWE-416
critical
 9.8
9.8
2018-10-18 CVE-2018-12376 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1.
network
low complexity
redhat debian canonical mozilla CWE-119
critical
 9.8
9.8
2018-10-18 CVE-2018-12369 Incorrect Authorization vulnerability in multiple products
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization.
network
low complexity
mozilla canonical CWE-863
critical
 9.8
9.8
2018-06-11 CVE-2018-5183 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers backported selected changes in the Skia library.
network
low complexity
redhat debian canonical mozilla CWE-119
critical
 9.8
9.8
2018-06-11 CVE-2018-5159 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes.
network
low complexity
debian redhat mozilla canonical CWE-190
critical
 9.8
9.8
2018-06-11 CVE-2018-5155 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths.
network
low complexity
debian redhat mozilla canonical CWE-416
critical
 9.8
9.8
2018-06-11 CVE-2018-5154 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths.
network
low complexity
debian redhat mozilla canonical CWE-416
critical
 9.8
9.8
2018-06-11 CVE-2018-5151 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 59.
network
low complexity
mozilla canonical CWE-119
critical
 9.8
9.8