Vulnerabilities > Mozilla > Firefox > 20.0.1

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5091 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers.
network
low complexity
debian redhat mozilla canonical CWE-416
7.5
2018-06-11 CVE-2018-5090 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 57.
network
low complexity
mozilla canonical CWE-119
critical
10.0
2018-06-11 CVE-2018-5089 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5.
network
low complexity
canonical redhat debian mozilla CWE-119
7.5
2018-06-11 CVE-2017-7845 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content.
network
mozilla microsoft CWE-119
critical
9.3
2018-06-11 CVE-2017-7844 Information Exposure vulnerability in Mozilla Firefox
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history.
network
mozilla CWE-200
4.3
2018-06-11 CVE-2017-7843 Information Exposure vulnerability in multiple products
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely.
network
low complexity
debian mozilla redhat CWE-200
5.0
2018-06-11 CVE-2017-7842 Information Exposure vulnerability in Mozilla Firefox
If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one.
network
low complexity
mozilla CWE-200
5.0
2018-06-11 CVE-2017-7840 Cross-site Scripting vulnerability in Mozilla Firefox
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks.
network
mozilla CWE-79
4.3
2018-06-11 CVE-2017-7839 Cross-site Scripting vulnerability in Mozilla Firefox
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked.
network
mozilla CWE-79
4.3
2018-06-11 CVE-2017-7838 Improper Input Validation vulnerability in Mozilla Firefox
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode.
network
low complexity
mozilla CWE-20
5.0