Vulnerabilities > Mozilla > Firefox ESR > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7807 Improper Input Validation vulnerability in multiple products
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain.
network
low complexity
debian redhat mozilla CWE-20
8.1
2018-06-11 CVE-2017-7804 Improper Input Validation vulnerability in Mozilla Firefox
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2017-7803 Improper Privilege Management vulnerability in multiple products
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored.
network
low complexity
redhat debian mozilla CWE-269
7.5
2018-06-11 CVE-2017-7798 Code Injection vulnerability in multiple products
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code.
network
low complexity
debian redhat mozilla CWE-94
8.8
2018-06-11 CVE-2017-7787 Information Exposure vulnerability in multiple products
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
network
low complexity
debian redhat mozilla CWE-200
7.5
2018-06-11 CVE-2017-7766 Unspecified vulnerability in Mozilla Firefox
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access.
local
low complexity
mozilla
7.8
2018-06-11 CVE-2017-7765 Improper Input Validation vulnerability in Mozilla Firefox
The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2017-7760 Channel and Path Errors vulnerability in Mozilla Firefox
The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it.
local
low complexity
mozilla CWE-417
7.8
2018-06-11 CVE-2017-7755 Untrusted Search Path vulnerability in Mozilla Firefox
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run.
local
low complexity
mozilla CWE-426
7.8
2018-06-11 CVE-2017-7754 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations.
network
low complexity
debian redhat mozilla CWE-125
7.5