| CVE-2018-12371 |
Medium |
Yes |
Arbitrary code execution |
An integer overflow vulnerability has been found in the Skia library shipped with Firefox before 61.0 and Thunderbird before 60.0, when allocating memory... |
| CVE-2018-12370 |
Low |
Yes |
Access restriction bypass |
In the Reader View of Firefox before 61.0, SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader... |
| CVE-2018-12369 |
Medium |
Yes |
Access restriction bypass |
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization before Firefox 61.0. This allowed a malicious... |
| CVE-2018-12367 |
Medium |
Yes |
Information disclosure |
A security issue has been found in Firefox before 61.0 and Thunderbird before 60.0. In the previous mitigations for Spectre, the resolution or precision of... |
| CVE-2018-12366 |
Medium |
Yes |
Information disclosure |
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value, in Firefox before 61.0... |
| CVE-2018-12365 |
Medium |
No |
Information disclosure |
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9 where a compromised IPC child process can escape the content sandbox and... |
| CVE-2018-12364 |
High |
Yes |
Cross-site request forgery |
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9, where NPAPI plugins, such as Adobe Flash, can send non- simple... |
| CVE-2018-12363 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when script uses mutation events to move DOM nodes between... |
| CVE-2018-12362 |
High |
Yes |
Arbitrary code execution |
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 during graphics operations done by the Supplemental Streaming SIMD... |
| CVE-2018-12361 |
Critical |
Yes |
Arbitrary code execution |
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 60.0 in the SwizzleData code while calculating buffer sizes. The overflowed... |
| CVE-2018-12360 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when deleting an input element during a mutation event handler... |
| CVE-2018-12359 |
Critical |
Yes |
Arbitrary code execution |
A buffer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 when rendering canvas content while adjusting the height and width of the... |
| CVE-2018-12358 |
High |
Yes |
Same-origin policy bypass |
Service workers in Firefox before 61.0 can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to... |
| CVE-2018-12356 |
High |
Yes |
Arbitrary code execution |
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7 through 1.7.1. The signature verification routine parses the output of... |
| CVE-2018-5188 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 52.9. Some of these bugs showed evidence of memory corruption and... |
| CVE-2018-5187 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 60.0. Some of these bugs showed evidence of memory corruption and... |
| CVE-2018-5186 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 61.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with... |