CVE-2018-12376
- EPSS 3.15%
- Veröffentlicht 18.10.2018 13:29:04
- Zuletzt bearbeitet 25.11.2025 17:50:16
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fire...
CVE-2018-12377
- EPSS 3.36%
- Veröffentlicht 18.10.2018 13:29:04
- Zuletzt bearbeitet 25.11.2025 17:50:16
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox ...
CVE-2018-12367
- EPSS 1.99%
- Veröffentlicht 18.10.2018 13:29:03
- Zuletzt bearbeitet 25.11.2025 17:50:16
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could ...
CVE-2018-12369
- EPSS 2.52%
- Veröffentlicht 18.10.2018 13:29:03
- Zuletzt bearbeitet 25.11.2025 17:50:16
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.
CVE-2018-12370
- EPSS 1.13%
- Veröffentlicht 18.10.2018 13:29:03
- Zuletzt bearbeitet 21.11.2024 03:45:04
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affe...
CVE-2018-12372
- EPSS 2.47%
- Veröffentlicht 18.10.2018 13:29:03
- Zuletzt bearbeitet 21.11.2024 03:45:04
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
CVE-2018-12364
- EPSS 1.82%
- Veröffentlicht 18.10.2018 13:29:02
- Zuletzt bearbeitet 21.11.2024 03:45:03
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) at...
CVE-2018-12365
- EPSS 3.16%
- Veröffentlicht 18.10.2018 13:29:02
- Zuletzt bearbeitet 21.11.2024 03:45:03
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird ...
CVE-2018-12366
- EPSS 3.16%
- Veröffentlicht 18.10.2018 13:29:02
- Zuletzt bearbeitet 21.11.2024 03:45:03
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox...
CVE-2018-12361
- EPSS 2.82%
- Veröffentlicht 18.10.2018 13:29:01
- Zuletzt bearbeitet 21.11.2024 03:45:03
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnera...