CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mozilla » Firefox : Security Vulnerabilities Published In 2018 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-5177 119 Overflow 2018-06-11 2018-08-03
5.0
None Remote Low Not required None None Partial
A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.
2 CVE-2018-5160 119 Overflow 2018-06-11 2018-08-03
5.0
None Remote Low Not required None None Partial
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.
3 CVE-2018-5159 787 Overflow 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
4 CVE-2018-5151 119 Overflow Mem. Corr. 2018-06-11 2018-08-03
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.
5 CVE-2018-5150 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
6 CVE-2018-5127 119 Overflow 2018-06-11 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
7 CVE-2018-5126 119 Overflow Mem. Corr. 2018-06-11 2018-08-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.
8 CVE-2018-5125 119 Overflow Mem. Corr. 2018-06-11 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
9 CVE-2018-5122 190 Overflow 2018-06-11 2018-06-25
7.5
None Remote Low Not required Partial Partial Partial
A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.
10 CVE-2018-5095 190 Overflow 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
11 CVE-2018-5094 119 Overflow 2018-06-11 2018-06-25
5.0
None Remote Low Not required None None Partial
A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.
12 CVE-2018-5093 119 Overflow 2018-06-11 2018-06-25
5.0
None Remote Low Not required None None Partial
A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
13 CVE-2018-5090 119 Overflow Mem. Corr. 2018-06-11 2018-06-25
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.
14 CVE-2018-5089 119 Overflow Mem. Corr. 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
15 CVE-2017-7845 119 Overflow 2018-06-11 2018-08-09
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2.
16 CVE-2017-7827 119 Overflow Mem. Corr. 2018-06-11 2018-06-25
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57.
17 CVE-2017-7826 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
18 CVE-2017-7824 119 Overflow 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
19 CVE-2017-7811 119 Overflow Mem. Corr. 2018-06-11 2018-07-30
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56.
20 CVE-2017-7810 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
21 CVE-2017-7792 119 Overflow 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
22 CVE-2017-7786 119 Overflow 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
23 CVE-2017-7785 119 Overflow 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
24 CVE-2017-7780 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55.
25 CVE-2017-7779 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
26 CVE-2017-7778 125 Overflow 2018-06-11 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
27 CVE-2017-5471 119 Overflow Mem. Corr. 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54.
28 CVE-2017-5470 119 Overflow Mem. Corr. 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
29 CVE-2017-5469 119 Overflow 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
30 CVE-2017-5467 119 Overflow Mem. Corr. 2018-06-11 2018-07-30
5.0
None Remote Low Not required None None Partial
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
31 CVE-2017-5464 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
32 CVE-2017-5459 119 Overflow 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
33 CVE-2017-5444 119 Overflow 2018-06-11 2018-08-07
5.0
None Remote Low Not required Partial None None
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
34 CVE-2017-5430 119 Overflow Mem. Corr. 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
35 CVE-2017-5429 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
36 CVE-2017-5428 190 Overflow 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.
37 CVE-2017-5413 119 Overflow 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.
38 CVE-2017-5412 119 Overflow 2018-06-11 2018-08-07
5.0
None Remote Low Not required Partial None None
A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.
39 CVE-2017-5410 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
40 CVE-2017-5406 119 Overflow 2018-06-11 2018-08-07
5.0
None Remote Low Not required None None Partial
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52.
41 CVE-2017-5400 119 Overflow Mem. Corr. Bypass 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
42 CVE-2017-5399 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52.
43 CVE-2017-5398 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
44 CVE-2017-5392 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.
45 CVE-2017-5377 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51.
46 CVE-2017-5375 119 Overflow Mem. Corr. Bypass 2018-06-11 2018-08-02
7.5
None Remote Low Not required Partial Partial Partial
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
47 CVE-2017-5374 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51.
48 CVE-2017-5373 119 Overflow Mem. Corr. 2018-06-11 2018-08-02
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
49 CVE-2016-9897 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
5.0
None Remote Low Not required None None Partial
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
50 CVE-2016-9894 119 Overflow 2018-06-11 2018-08-01
5.0
None Remote Low Not required None None Partial
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.
Total number of vulnerabilities : 58   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.