Description
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof the user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass security restrictions and gain privileges.
1. Multiple use-after-free vulnerabilities can be exploited remotely to cause denial of service;
2. A use-after-free vulnerability in Web Workers can be exploited remotely to cause denial of service;
3. Multiple heap overflow vulnerabilities in WebAssembly can be exploited remotely to cause denial of service;
4. An integer overflow vulnerability in the Skia library can be exploited remotely to cause denial of service;
5. An unspecified vulnerability in WebExtensions can be exploited remotely to bypass security restrictions;
6. An unspecified vulnerability in Developer Tools can be exploited remotely to obtain sensitive information;
7. An unspecified vulnerability in the printing process can be exploited remotely to bypass security restrictions;
8. Origin attribute segregation violation by a Blob URL can be exploited remotely to obtain sensitive information;
9. An unspecified vulnerability can be exploited remotely to obtain sensitive information;
10. An unspecified vulnerability can be exploited remotely to spoof the user interface;
11. An unspecified vulnerability can be exploited remotely via a specially formatted URL to spoof the user interface;
12. Improper enforcement of a requirement in the Developer Tools panels of an extension can be exploited remotely to gain privileges;
13. Improper enforcement of a requirement in the browser.identity.launchWebAuthFlow function can be exploited remotely to gain privileges;
14. An incorrect use of the changed HttpOnly cookie can be exploited remotely to bypass security restrictions;
15. An unspecified vulnerability can be exploited remotely via a specially crafted background network request to obtain sensitive information;
16. Improper enforcement of a requirement in WebExtensions can be exploited remotely to bypass security restrictions;
17. An unspecified vulnerability can be exploited remotely via a specially crafted URL to spoof the user interface;
18. An unspecified vulnerability in Activity Stream can be exploited remotely to bypass security restrictions;
19. An unspecified vulnerability in the reader view can be exploited remotely to perform a cross-site scripting (XSS) attack;
20. An unspecified vulnerability in the address bar can be exploited remotely via some Tibetan characters in several fonts to spoof the user interface;
21. A potential integer overflow vulnerability in the DoCrypt function of WebCrypto can be exploited remotely to cause denial of service;
22. Multiple memory corruption vulnerabilities can be exploited remotely to execute arbitrary code.
Technical details
Vulnerabilities (2)-(9), (11)-(16), (18), (19), (21) affect only Mozilla Firefox.
Vulnerabilities (10), (20) affect only OS X versions of Mozilla Firefox.
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit.
CVE list
- CVE-2018-5091 critical
- CVE-2018-5095 critical
- CVE-2018-5096 critical
- CVE-2018-5097 critical
- CVE-2018-5098 critical
- CVE-2018-5099 critical
- CVE-2018-5102 critical
- CVE-2018-5103 critical
- CVE-2018-5104 critical
- CVE-2018-5117 warning
- CVE-2018-5089 critical
- CVE-2018-5092 critical
- CVE-2018-5093 warning
- CVE-2018-5094 warning
- CVE-2018-5100 warning
- CVE-2018-5101 warning
- CVE-2018-5105 high
- CVE-2018-5106 warning
- CVE-2018-5107 warning
- CVE-2018-5108 warning
- CVE-2018-5109 warning
- CVE-2018-5110 warning
- CVE-2018-5111 warning
- CVE-2018-5112 warning
- CVE-2018-5113 warning
- CVE-2018-5114 warning
- CVE-2018-5115 warning
- CVE-2018-5116 critical
- CVE-2018-5118 warning
- CVE-2018-5119 warning
- CVE-2018-5121 warning
- CVE-2018-5122 critical
- CVE-2018-5090 critical