Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2019-9808 Origin Validation Error vulnerability in Mozilla Firefox
If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain.
network
low complexity
mozilla CWE-346
5.3
2019-04-26 CVE-2019-9807 Improper Input Validation vulnerability in Mozilla Firefox
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content.
network
low complexity
mozilla CWE-20
4.3
2019-04-26 CVE-2019-9801 Improper Input Validation vulnerability in Mozilla Firefox
Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems.
network
low complexity
mozilla CWE-20
5.3
2019-04-26 CVE-2019-9797 Origin Validation Error vulnerability in Mozilla Firefox
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.
network
low complexity
mozilla CWE-346
5.3
2019-04-26 CVE-2019-9793 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled.
network
high complexity
mozilla CWE-119
5.9
2019-04-26 CVE-2018-5124 Cross-site Scripting vulnerability in Mozilla Firefox
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
network
low complexity
mozilla CWE-79
6.1
2019-04-26 CVE-2018-18511 Information Exposure vulnerability in Mozilla Firefox 65.0
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method.
network
low complexity
mozilla CWE-200
4.3
2019-04-26 CVE-2018-18510 Unspecified vulnerability in Mozilla Firefox
The about:crashcontent and about:crashparent pages can be triggered by web content.
network
low complexity
mozilla
6.5
2019-04-26 CVE-2018-18509 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature.
network
low complexity
mozilla CWE-347
5.3
2019-03-07 CVE-2018-14498 Out-of-bounds Read vulnerability in multiple products
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
6.5