Vulnerabilities > Mozilla > Firefox ESR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7843 | Information Exposure vulnerability in multiple products When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. | 7.5 |
| 2018-06-11 | CVE-2017-7814 | Improper Input Validation vulnerability in multiple products File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. | 7.8 |
| 2018-06-11 | CVE-2017-7807 | Improper Input Validation vulnerability in multiple products A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. | 8.1 |
| 2018-06-11 | CVE-2017-7804 | Improper Input Validation vulnerability in Mozilla Firefox The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. | 7.5 |
| 2018-06-11 | CVE-2017-7803 | Improper Privilege Management vulnerability in multiple products When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. | 7.5 |
| 2018-06-11 | CVE-2017-7798 | Code Injection vulnerability in multiple products The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. | 8.8 |
| 2018-06-11 | CVE-2017-7787 | Information Exposure vulnerability in multiple products Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. | 7.5 |
| 2018-06-11 | CVE-2017-7766 | Unspecified vulnerability in Mozilla Firefox An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. | 7.8 |
| 2018-06-11 | CVE-2017-7765 | Improper Input Validation vulnerability in Mozilla Firefox The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. | 7.5 |
| 2018-06-11 | CVE-2017-7760 | Channel and Path Errors vulnerability in Mozilla Firefox The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. | 7.8 |