Vulnerabilities > Mozilla > Firefox > 21.0

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7843 Information Exposure vulnerability in multiple products
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely.
network
low complexity
debian mozilla redhat CWE-200
5.0
2018-06-11 CVE-2017-7842 Information Exposure vulnerability in Mozilla Firefox
If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one.
network
low complexity
mozilla CWE-200
5.0
2018-06-11 CVE-2017-7840 Cross-site Scripting vulnerability in Mozilla Firefox
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks.
network
mozilla CWE-79
4.3
2018-06-11 CVE-2017-7839 Cross-site Scripting vulnerability in Mozilla Firefox
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked.
network
mozilla CWE-79
4.3
2018-06-11 CVE-2017-7838 Improper Input Validation vulnerability in Mozilla Firefox
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode.
network
low complexity
mozilla CWE-20
5.0
2018-06-11 CVE-2017-7837 Improper Input Validation vulnerability in Mozilla Firefox
SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page.
network
low complexity
mozilla CWE-20
5.0
2018-06-11 CVE-2017-7836 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace.
local
low complexity
mozilla apple linux CWE-427
4.6
2018-06-11 CVE-2017-7835 Unspecified vulnerability in Mozilla Firefox
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.
network
low complexity
mozilla
7.5
2018-06-11 CVE-2017-7834 Cross-site Scripting vulnerability in Mozilla Firefox
A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript.
network
mozilla CWE-79
4.3
2018-06-11 CVE-2017-7833 Improper Input Validation vulnerability in Mozilla Firefox
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar.
network
low complexity
mozilla CWE-20
5.0