CVE-2018-5182 |
Low |
No |
Access restriction bypass |
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the address bar of Firefox before 60.0,... |
CVE-2018-5181 |
Low |
No |
Access restriction bypass |
If a URL using the file: protocol is dragged and dropped onto an open tab of Firefox before 60.0 that is running in a different child process the tab will... |
CVE-2018-5180 |
Low |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur during WebGL operations in Firefox before 60.0. While this results in a potentially exploitable crash, the... |
CVE-2018-5177 |
Medium |
Yes |
Denial of service |
A vulnerability exists in the XSLT component of Firefox before 60.0, during number formatting where a negative buffer size may be allocated in some... |
CVE-2018-5176 |
Medium |
Yes |
Information disclosure |
The JSON Viewer in Firefox before 60.0 displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file... |
CVE-2018-5175 |
Medium |
Yes |
Access restriction bypass |
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic' has been found in Firefox < 60.0.... |
CVE-2018-5173 |
Medium |
Yes |
Content spoofing |
The filename appearing in the Downloads panel in Firefox before 60.0 improperly renders some Unicode characters, allowing for the file name to be spoofed.... |
CVE-2018-5172 |
Medium |
Yes |
Arbitrary code execution |
The Live Bookmarks page and the PDF viewer in Firefox before 60.0 can run injected script content if a user pastes script from the clipboard into them while... |
CVE-2018-5169 |
Medium |
Yes |
Access restriction bypass |
If manipulated hyperlinked text containing a chrome: URL is dragged and dropped on the "home" icon in Firefox before 60.0, the home page can be... |
CVE-2018-5168 |
Medium |
Yes |
Access restriction bypass |
Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the... |
CVE-2018-5167 |
Medium |
Yes |
Content spoofing |
The web console and JavaScript debugger in Firefox < 6.0.0 do not sanitize all output that can be hyperlinked. Both will display chrome: links as active,... |
CVE-2018-5166 |
Medium |
Yes |
Access restriction bypass |
WebExtensions in Firefox before 60.0 can use request redirection and a filterResponseData filter to bypass host permission settings to redirect network... |
CVE-2018-5164 |
Medium |
Yes |
Access restriction bypass |
A Content Security Policy (CSP) bypass has been found in Firefox < 60.0, where the CSP is not applied correctly to all parts of multipart content sent with... |
CVE-2018-5163 |
Medium |
Yes |
Sandbox escape |
A sandbox escape vulnerability has been found in Firefox < 60.0. If a malicious attacker has used another vulnerability to gain full control over a content... |
CVE-2018-5160 |
High |
Yes |
Arbitrary code execution |
An uninitialized memory use vulnerability has been found in the WebRTC component of Firefox < 60.0, which can use a WrappedI420Buffer pixel buffer whose... |
CVE-2018-5159 |
High |
Yes |
Arbitrary code execution |
An integer overflow vulnerability has been found in the Skia library used in Firefox < 60.0 and Thunderbird < 52.8, due to 32-bit integer use in an array... |
CVE-2018-5158 |
High |
Yes |
Arbitrary code execution |
A vulnerability caused by insufficient sanitization of PostScript calculator functions has been found in the PDF viewer of Firefox < 60.0, allowing malicious... |
CVE-2018-5157 |
High |
Yes |
Same-origin policy bypass |
A same-origin policy bypass vulnerability has been found in the PDF viewer of Firefox < 60.0, allowing a malicious site to intercept messages meant for the... |
CVE-2018-5155 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while adjusting layout during SVG animations with text paths. |
CVE-2018-5154 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while enumerating attributes during SVG animations with clip paths. |
CVE-2018-5153 |
Medium |
Yes |
Information disclosure |
An information disclosure vulnerability has been found in Firefox < 60.0. If WebSocket data is sent with mixed text and binary in a single message, the... |
CVE-2018-5152 |
Medium |
Yes |
Information disclosure |
An information disclosure vulnerability has been found in Firefox < 60.0. WebExtensions with the appropriate permissions can attach content scripts to... |
CVE-2018-5151 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 60.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with... |
CVE-2018-5150 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 60.0 and Thunderbird before 52.8. Some of these bugs showed evidence of memory corruption and... |