Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5184 Inadequate Encryption Strength vulnerability in multiple products
Using remote content in encrypted messages can lead to the disclosure of plaintext.
network
low complexity
debian mozilla canonical redhat CWE-326
7.5
2018-06-11 CVE-2018-5182 Information Exposure vulnerability in multiple products
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened.
network
low complexity
canonical mozilla CWE-200
7.5
2018-06-11 CVE-2018-5181 Information Exposure vulnerability in multiple products
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy.
network
low complexity
canonical mozilla CWE-200
7.5
2018-06-11 CVE-2018-5180 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur during WebGL operations.
network
low complexity
mozilla canonical CWE-416
7.5
2018-06-11 CVE-2018-5178 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data.
network
high complexity
debian mozilla canonical redhat CWE-119
8.1
2018-06-11 CVE-2018-5177 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs.
network
low complexity
canonical mozilla CWE-119
7.5
2018-06-11 CVE-2018-5174 Unspecified vulnerability in Mozilla products
In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI.
network
low complexity
mozilla
7.5
2018-06-11 CVE-2018-5166 Improper Privilege Management vulnerability in multiple products
WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission.
network
low complexity
canonical mozilla CWE-269
7.5
2018-06-11 CVE-2018-5163 Improper Preservation of Permissions vulnerability in multiple products
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code.
network
high complexity
canonical mozilla CWE-281
8.1
2018-06-11 CVE-2018-5162 Missing Encryption of Sensitive Data vulnerability in multiple products
Plaintext of decrypted emails can leak through the src attribute of remote images, or links.
network
low complexity
redhat debian canonical mozilla CWE-311
7.5