Vulnerabilities > Mozilla > Firefox ESR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7768 | Information Exposure vulnerability in Mozilla Firefox The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. | 5.5 |
| 2018-06-11 | CVE-2017-7767 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. | 5.5 |
| 2018-06-11 | CVE-2017-7764 | Improper Input Validation vulnerability in multiple products Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. | 5.3 |
| 2018-06-11 | CVE-2017-7763 | Improper Input Validation vulnerability in multiple products Default fonts on OS X display some Tibetan characters as whitespace. | 5.3 |
| 2018-06-11 | CVE-2017-7761 | Incorrect Default Permissions vulnerability in Mozilla Firefox The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. | 5.5 |
| 2018-06-11 | CVE-2017-5466 | Cross-site Scripting vulnerability in multiple products If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. | 6.1 |
| 2018-06-11 | CVE-2017-5462 | Incorrect Calculation vulnerability in multiple products A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. | 5.3 |
| 2018-06-11 | CVE-2017-5451 | Improper Input Validation vulnerability in multiple products A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. | 4.3 |
| 2018-06-11 | CVE-2017-5409 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. | 5.5 |
| 2018-06-11 | CVE-2017-5408 | Information Exposure vulnerability in multiple products Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. | 5.3 |