• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-20

CVE-2018-12385

February 26, 2023 by

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.

CVE-2018-12387

February 26, 2023 by

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

CVE-2018-12401

February 26, 2023 by

Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a ‘?’ in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63.

CVE-2018-12367

February 26, 2023 by

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

CVE-2018-12270

February 26, 2023 by

In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.

CVE-2018-12207

February 26, 2023 by

Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 248
  • Go to page 249
  • Go to page 250
  • Go to page 251
  • Go to page 252
  • Interim pages omitted …
  • Go to page 681
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE