Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-12397 Information Exposure vulnerability in multiple products
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user.
local
low complexity
mozilla redhat debian canonical CWE-200
7.1
2019-02-28 CVE-2018-12395 By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting.
network
low complexity
mozilla debian canonical redhat
7.5
2019-02-28 CVE-2018-12393 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion.
network
low complexity
mozilla debian canonical redhat CWE-190
7.5
2019-02-28 CVE-2018-12391 Incorrect Authorization vulnerability in Mozilla Firefox
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies.
network
low complexity
mozilla CWE-863
8.8
2019-02-28 CVE-2018-12389 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
8.8
2019-02-28 CVE-2018-12388 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62.
network
low complexity
mozilla canonical CWE-119
8.8
2019-02-05 CVE-2018-18503 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations.
network
low complexity
mozilla canonical CWE-119
8.8
2018-10-18 CVE-2018-12386 Incorrect Type Conversion or Cast vulnerability in multiple products
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write.
network
low complexity
redhat debian canonical mozilla CWE-704
8.1
2018-10-18 CVE-2018-12385 Improper Input Validation vulnerability in multiple products
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory.
local
high complexity
redhat debian canonical mozilla CWE-20
7.0
2018-10-18 CVE-2018-12379 Out-of-bounds Write vulnerability in multiple products
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash.
local
low complexity
redhat debian mozilla CWE-787
7.8