Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-26 | CVE-2018-5179 | Missing Release of Resource after Effective Lifetime vulnerability in Mozilla Firefox A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. | 7.5 |
| 2019-04-15 | CVE-2017-7777 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. | 8.8 |
| 2019-04-15 | CVE-2017-7776 | Out-of-bounds Read vulnerability in multiple products Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. | 8.1 |
| 2019-04-15 | CVE-2017-7773 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. | 8.8 |
| 2019-04-15 | CVE-2017-7771 | Out-of-bounds Read vulnerability in multiple products Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. | 8.1 |
| 2019-04-12 | CVE-2017-7772 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. | 8.8 |
| 2019-02-28 | CVE-2018-18496 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. | 8.8 |
| 2019-02-28 | CVE-2018-12406 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 63. | 8.8 |
| 2019-02-28 | CVE-2018-12401 | Improper Input Validation vulnerability in multiple products Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. | 7.5 |
| 2019-02-28 | CVE-2018-12397 | Information Exposure vulnerability in multiple products A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. | 7.1 |