vulnerability
FreeBSD: VID-5aefc41e-d304-4ec8-8c82-824f84f08244 (CVE-2018-5180): mozilla -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | May 9, 2018 | May 10, 2018 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
May 9, 2018
Added
May 10, 2018
Modified
Dec 10, 2025
Description
Mozilla Foundation reports: CVE-2018-5183: Backport critical security fixes in Skia CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer CVE-2018-5159: Integer overflow and out-of-bounds write in Skia CVE-2018-5160: Uninitialized memory use by WebRTC encoder CVE-2018-5152: WebExtensions information leak through webRequest API CVE-2018-5153: Out-of-bounds read in mixed content websocket messages CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace CVE-2018-5166: WebExtension host permission bypass through filterReponseData CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger CVE-2018-5168: Lightweight themes can be installed without user interaction CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies CVE-2018-5176: JSON Viewer script injection CVE-2018-5177: Buffer overflow in XSLT during number formatting CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar CVE-2018-5151: Memory safety bugs fixed in Firefox 60 CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
Solutions
freebsd-upgrade-package-firefoxfreebsd-upgrade-package-waterfoxfreebsd-upgrade-package-seamonkeyfreebsd-upgrade-package-linux-seamonkeyfreebsd-upgrade-package-firefox-esrfreebsd-upgrade-package-linux-firefoxfreebsd-upgrade-package-libxulfreebsd-upgrade-package-thunderbirdfreebsd-upgrade-package-linux-thunderbird
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.