Vulnerabilities > Mozilla > Firefox > 20.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7806 | Use After Free vulnerability in Mozilla Firefox A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. | 5.0 |
| 2018-06-11 | CVE-2017-7804 | Improper Input Validation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. | 5.0 |
| 2018-06-11 | CVE-2017-7803 | Improper Privilege Management vulnerability in multiple products When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. | 5.0 |
| 2018-06-11 | CVE-2017-7802 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. | 7.5 |
| 2018-06-11 | CVE-2017-7801 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. | 7.5 |
| 2018-06-11 | CVE-2017-7800 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. | 7.5 |
| 2018-06-11 | CVE-2017-7799 | Cross-site Scripting vulnerability in Mozilla Firefox JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". | 4.3 |
| 2018-06-11 | CVE-2017-7798 | Code Injection vulnerability in multiple products The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. | 6.8 |
| 2018-06-11 | CVE-2017-7797 | Origin Validation Error vulnerability in Mozilla Firefox Response header name interning does not have same-origin protections and these headers are stored in a global registry. | 5.0 |
| 2018-06-11 | CVE-2017-7796 | Improper Input Validation vulnerability in Mozilla Firefox On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. | 3.3 |