60.0

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-28	CVE-2018-12392	When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. network low complexity mozilla debian canonical redhat critical	9.8
2019-02-28	CVE-2018-12391	Incorrect Authorization vulnerability in Mozilla Firefox During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. network low complexity mozilla CWE-863	8.8
2019-02-28	CVE-2018-12390	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. network low complexity mozilla debian canonical redhat CWE-119 critical	9.8
2019-02-28	CVE-2018-12389	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. network low complexity mozilla debian canonical redhat CWE-119	8.8
2019-02-05	CVE-2018-18505	Improper Authentication vulnerability in multiple products An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. network low complexity mozilla canonical debian redhat CWE-287 critical	10.0
2019-02-05	CVE-2018-18501	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. network low complexity mozilla canonical debian redhat CWE-119 critical	9.8
2019-02-05	CVE-2018-18500	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. network low complexity mozilla canonical debian redhat CWE-416 critical	9.8
2018-10-18	CVE-2018-12385	Improper Input Validation vulnerability in multiple products A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. local high complexity redhat debian canonical mozilla CWE-20	7.0
2018-10-18	CVE-2018-12383	Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. local low complexity redhat debian canonical mozilla CWE-522	5.5
2018-10-18	CVE-2018-12379	Out-of-bounds Write vulnerability in multiple products When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. local low complexity redhat debian mozilla CWE-787	7.8