VulnerableCode Package Details - pkg:alpm/archlinux/firefox@63.0.3-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-9h4y-xcex-1fch Aliases: CVE-2018-18495	WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions.	64.0-1 Affected by 0 other vulnerabilities.
VCID-cszr-1fu2-6be5 Aliases: CVE-2018-12406	Mozilla developers and community members Alex Gaynor, André Bargull, Boris Zbarsky, Christian Holler, Jan de Mooij, Jason Kratzer, Philipp, Ronald Crane, Natalia Csoregi, and Paul Theriault reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.	64.0-1 Affected by 0 other vulnerabilities.
VCID-ka9x-22be-p7aw Aliases: CVE-2018-17466	Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which allows remote attackers to execute arbitrary code.	64.0-1 Affected by 0 other vulnerabilities.
VCID-n1v6-q6wt-ebaj Aliases: CVE-2018-18494	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.	64.0-1 Affected by 0 other vulnerabilities.
VCID-qvqm-n242-vyea Aliases: CVE-2018-12405	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.	64.0-1 Affected by 0 other vulnerabilities.
VCID-skbg-e4em-bkaw Aliases: CVE-2018-18492	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.	64.0-1 Affected by 0 other vulnerabilities.
VCID-vnmz-2agw-k3fg Aliases: CVE-2018-12407	A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash.	64.0-1 Affected by 0 other vulnerabilities.
VCID-wzt1-wzps-kqbr Aliases: CVE-2018-18497	Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file: locations.	64.0-1 Affected by 0 other vulnerabilities.
VCID-yq6p-sv1g-m3bj Aliases: CVE-2018-18493	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.	64.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9h4y-xcex-1fch
Aliases:
CVE-2018-18495

WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions.