Vulnerabilities > Information Exposure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7759 | Information Exposure vulnerability in multiple products Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. | 7.5 |
| 2018-06-11 | CVE-2017-5454 | Information Exposure vulnerability in multiple products A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. | 7.5 |
| 2018-06-11 | CVE-2017-5425 | Information Exposure vulnerability in Mozilla Firefox The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. | 7.5 |
| 2018-06-11 | CVE-2017-5414 | Information Exposure vulnerability in Mozilla Firefox The file picker dialog can choose and display the wrong local default directory when instantiated. | 5.5 |
| 2018-06-11 | CVE-2017-5408 | Information Exposure vulnerability in multiple products Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. | 5.3 |
| 2018-06-11 | CVE-2017-5407 | Information Exposure vulnerability in multiple products Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. | 6.5 |
| 2018-06-11 | CVE-2017-5385 | Information Exposure vulnerability in Mozilla Firefox Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. | 7.5 |
| 2018-06-11 | CVE-2017-5384 | Information Exposure vulnerability in Mozilla Firefox Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. | 5.9 |
| 2018-06-11 | CVE-2017-5382 | Information Exposure vulnerability in Mozilla Firefox Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. | 7.5 |
| 2018-06-11 | CVE-2017-5378 | Information Exposure vulnerability in multiple products Hashed codes of JavaScript objects are shared between pages. | 7.5 |