Vulnerabilities > Mozilla > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-26 | CVE-2019-9801 | Improper Input Validation vulnerability in Mozilla Firefox. Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. | 5.3 |
2019-04-26 | CVE-2019-9797 | Origin Validation Error vulnerability in Mozilla Firefox. Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. | 5.3 |
2019-04-26 | CVE-2019-9793 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. | 5.9 |
2019-04-26 | CVE-2018-5124 | Cross-site Scripting vulnerability in Mozilla Firefox. Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. | 6.1 |
2019-04-26 | CVE-2018-18511 | Information Exposure vulnerability in Mozilla Firefox 65.0. Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. | 4.3 |
2019-04-26 | CVE-2018-18510 | Unspecified vulnerability in Mozilla Firefox. The about:crashcontent and about:crashparent pages can be triggered by web content. | 6.5 |
2019-04-26 | CVE-2018-18509 | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird. A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. | 5.3 |
2019-03-07 | CVE-2018-14498 | Out-of-bounds Read vulnerability in multiple products. get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. | 6.5 |
2019-02-28 | CVE-2018-18499 | Origin Validation Error vulnerability in Mozilla Firefox. A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). | 6.5 |
2019-02-28 | CVE-2018-18497 | Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. | 6.5 |