Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5153 | Out-of-bounds Read vulnerability in multiple products If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. | 7.5 |
| 2018-06-11 | CVE-2018-5146 | Out-of-bounds Write vulnerability in multiple products An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. | 8.8 |
| 2018-06-11 | CVE-2018-5144 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. | 7.3 |
| 2018-06-11 | CVE-2018-5141 | Improper Input Validation vulnerability in multiple products A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. | 8.2 |
| 2018-06-11 | CVE-2018-5137 | Information Exposure vulnerability in multiple products A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. | 7.5 |
| 2018-06-11 | CVE-2018-5136 | Improper Input Validation vulnerability in multiple products A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. | 7.5 |
| 2018-06-11 | CVE-2018-5135 | Missing Authorization vulnerability in Mozilla Firefox WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. | 7.5 |
| 2018-06-11 | CVE-2018-5134 | Information Exposure vulnerability in Mozilla Firefox WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. | 7.5 |
| 2018-06-11 | CVE-2018-5130 | Improper Input Validation vulnerability in multiple products When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. | 8.8 |
| 2018-06-11 | CVE-2018-5129 | Out-of-bounds Write vulnerability in multiple products A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. | 8.6 |