Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-28 | CVE-2018-12398 | By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). | 6.5 |
| 2019-02-28 | CVE-2018-12396 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. | 6.5 |
| 2019-02-05 | CVE-2018-18506 | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. | 5.9 |
| 2019-02-04 | CVE-2019-7317 | Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | 5.3 |
| 2018-10-18 | CVE-2018-12383 | Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 5.5 |
| 2018-10-18 | CVE-2018-12382 | Improper Input Validation vulnerability in Mozilla Firefox 62.0 The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. | 5.3 |
| 2018-10-18 | CVE-2018-12381 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. | 5.3 |
| 2018-10-18 | CVE-2018-12374 | Information Exposure vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. | 4.3 |
| 2018-10-18 | CVE-2018-12373 | Information Exposure vulnerability in multiple products dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. | 6.5 |
| 2018-10-18 | CVE-2018-12372 | Information Exposure vulnerability in multiple products Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. | 6.5 |