Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5140 Information Exposure vulnerability in multiple products
Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited.
network
low complexity
mozilla canonical CWE-200
5.3
2018-06-11 CVE-2018-5138 Improper Input Validation vulnerability in Mozilla Firefox
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2018-5133 Information Exposure vulnerability in multiple products
If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized.
network
low complexity
mozilla canonical CWE-200
6.5
2018-06-11 CVE-2018-5132 Information Exposure vulnerability in multiple products
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab.
network
low complexity
mozilla canonical CWE-200
6.5
2018-06-11 CVE-2018-5131 Information Exposure vulnerability in multiple products
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should.
network
high complexity
debian mozilla redhat canonical CWE-200
5.9
2018-06-11 CVE-2018-5121 Improper Input Validation vulnerability in Mozilla Firefox
Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2018-5119 Information Exposure vulnerability in multiple products
The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site.
network
low complexity
mozilla canonical CWE-200
5.3
2018-06-11 CVE-2018-5118 Information Exposure vulnerability in multiple products
The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites.
network
low complexity
mozilla canonical CWE-200
5.3
2018-06-11 CVE-2018-5117 If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL.
network
low complexity
debian redhat mozilla canonical
5.3
2018-06-11 CVE-2018-5114 Information Exposure vulnerability in multiple products
If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed.
network
low complexity
mozilla canonical CWE-200
5.3