Vulnerabilities (CVE)

Vendor filter

Mozilla Subscribe

Product filter

Firefox Subscribe

Filter

1799 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18506 2 Mozilla, Canonical 2 Firefox, Ubuntu Linux 2019-03-21 4.3
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server....
CVE-2018-18505 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-03-13 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels...
CVE-2018-18501 4 Mozilla, Canonical, Debian and 1 more 10 Firefox, Firefox Esr, Thunderbird and 7 more 2019-03-13 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited...
CVE-2018-5150 4 Mozilla, Canonical, Debian and 1 more 12 Firefox, Firefox Esr, Thunderbird and 9 more 2019-03-13 7.5
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code....
CVE-2018-5157 4 Mozilla, Canonical, Debian and 1 more 10 Firefox, Firefox Esr, Ubuntu Linux and 7 more 2019-03-13 5.0
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party...
CVE-2018-5158 4 Mozilla, Debian, Redhat and 1 more 11 Firefox, Firefox Esr, Debian Linux and 8 more 2019-03-13 6.8
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This...
CVE-2018-5168 4 Mozilla, Canonical, Debian and 1 more 13 Firefox, Firefox Esr, Thunderbird and 10 more 2019-03-13 5.0
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive...
CVE-2018-12405 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-03-12 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited...
CVE-2018-5146 4 Mozilla, Canonical, Debian and 1 more 13 Firefox, Firefox Esr, Thunderbird and 10 more 2019-03-11 6.8
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
CVE-2018-18500 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-03-11 7.5
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability...
CVE-2018-5154 4 Mozilla, Canonical, Debian and 1 more 12 Firefox, Firefox Esr, Thunderbird and 9 more 2019-03-11 7.5
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and...
CVE-2018-5155 4 Mozilla, Canonical, Debian and 1 more 12 Firefox, Firefox Esr, Thunderbird and 9 more 2019-03-11 7.5
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and...
CVE-2018-5159 4 Mozilla, Canonical, Debian and 1 more 12 Firefox, Firefox Esr, Thunderbird and 9 more 2019-03-11 7.5
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content....
CVE-2018-18493 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-03-11 7.5
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This...
CVE-2018-18494 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-03-11 4.3
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could...
CVE-2018-18492 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-03-11 7.5
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4,...
CVE-2018-18498 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-03-11 7.5
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects...
CVE-2016-1950 5 Mozilla, Apple, Oracle and 2 more 15 Glassfish Server, Firefox Esr, Iplanet Web Proxy Server and 12 more 2019-03-08 6.8
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code...
CVE-2018-5125 4 Mozilla, Canonical, Debian and 1 more 8 Firefox, Firefox Esr, Thunderbird and 5 more 2019-03-08 6.8
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability...
CVE-2018-5127 4 Mozilla, Canonical, Debian and 1 more 10 Firefox, Firefox Esr, Thunderbird and 7 more 2019-03-08 6.8
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.