Shodan
Vulnerabilities
Vulnerable Software
Mozilla:  >> Firefox  >> 15.0  Security Vulnerabilities
CVE-2018-18510
The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-04-26
CVE-2018-5124
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-04-26
CVE-2018-5179
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-04-26
CVE-2017-7771
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
CVSS Score
8.1
EPSS Score
0.004
Published
2019-04-15
CVE-2017-7773
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-04-15
CVE-2017-7774
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
CVSS Score
9.1
EPSS Score
0.006
Published
2019-04-15
CVE-2017-7776
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
CVSS Score
8.1
EPSS Score
0.005
Published
2019-04-15
CVE-2017-7777
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-04-15
CVE-2017-7772
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-04-12
CVE-2018-12399
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63.
CVSS Score
4.3
EPSS Score
0.004
Published
2019-02-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved