Vulnerabilities > Microsoft > Windows
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2017-7766 | Multiple Security vulnerability in Mozilla Firefox and Firefox ESR An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. | 4.6 |
2018-06-11 | CVE-2017-7765 | Improper Input Validation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. | 5.0 |
2018-06-11 | CVE-2017-7761 | Incorrect Default Permissions vulnerability in Mozilla Firefox and Firefox ESR The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. | 3.6 |
2018-06-11 | CVE-2017-7760 | Channel and Path Errors vulnerability in Mozilla Firefox and Firefox ESR The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. | 4.6 |
2018-06-11 | CVE-2017-7755 | Untrusted Search Path vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. | 6.8 |
2018-06-11 | CVE-2017-5411 | Use After Free vulnerability in Mozilla Firefox and Thunderbird A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. | 5.0 |
2018-06-11 | CVE-2017-5409 | Improper Privilege Management vulnerability in Mozilla Firefox and Firefox ESR The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. | 3.6 |
2018-06-11 | CVE-2016-9079 | Use After Free vulnerability in multiple products A use-after-free vulnerability in SVG Animation has been discovered. | 5.0 |
2018-06-11 | CVE-2016-9072 | 7PK - Security Features vulnerability in Mozilla Firefox When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. | 5.0 |
2018-06-11 | CVE-2016-5295 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. | 4.6 |