Max CVSS 7.5 Min CVSS 3.6 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2018-18505 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created
03-10-2019 - 00:03 05-02-2019 - 21:29
CVE-2019-11698 5.0
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the co
29-07-2019 - 00:06 23-07-2019 - 14:15
CVE-2019-5785 4.3
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
01-07-2019 - 18:32 27-06-2019 - 17:15
CVE-2019-9796 7.5
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controll
26-06-2019 - 15:31 26-04-2019 - 17:29
CVE-2019-9813 6.8
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
13-05-2019 - 10:29 26-04-2019 - 17:29
CVE-2018-5145 7.5
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 an
13-03-2019 - 13:44 11-06-2018 - 21:29
CVE-2018-5183 7.5
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 5
13-03-2019 - 13:24 11-06-2018 - 21:29
CVE-2018-18498 7.5
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird
11-03-2019 - 14:59 28-02-2019 - 18:29
CVE-2018-12397 3.6
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permissi
01-03-2019 - 15:00 28-02-2019 - 18:29
CVE-2018-12385 4.4
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to w
06-12-2018 - 19:03 18-10-2018 - 13:29
CVE-2018-12387 6.4
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as pa
06-12-2018 - 18:38 18-10-2018 - 13:29
CVE-2018-12379 4.6
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system wit
06-12-2018 - 18:10 18-10-2018 - 13:29
CVE-2018-12366 4.3
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox
03-12-2018 - 20:09 18-10-2018 - 13:29
CVE-2017-5428 7.5
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second v
09-08-2018 - 15:27 11-06-2018 - 21:29
CVE-2018-5148 7.5
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.
09-08-2018 - 14:26 11-06-2018 - 21:29
CVE-2017-5469 7.5
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
07-08-2018 - 18:44 11-06-2018 - 21:29
CVE-2017-5410 7.5
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52
07-08-2018 - 13:20 11-06-2018 - 21:29
Back to Top Mark selected
Back to Top