Vulnerabilities > Mozilla > Firefox > 21.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7843 | Information Exposure vulnerability in multiple products When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. | 5.0 |
| 2018-06-11 | CVE-2017-7842 | Information Exposure vulnerability in Mozilla Firefox If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. | 5.0 |
| 2018-06-11 | CVE-2017-7840 | Cross-site Scripting vulnerability in Mozilla Firefox JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. | 4.3 |
| 2018-06-11 | CVE-2017-7839 | Cross-site Scripting vulnerability in Mozilla Firefox Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. | 4.3 |
| 2018-06-11 | CVE-2017-7838 | Improper Input Validation vulnerability in Mozilla Firefox Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. | 5.0 |
| 2018-06-11 | CVE-2017-7837 | Improper Input Validation vulnerability in Mozilla Firefox SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. | 5.0 |
| 2018-06-11 | CVE-2017-7836 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. | 4.6 |
| 2018-06-11 | CVE-2017-7835 | Unspecified vulnerability in Mozilla Firefox Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. | 7.5 |
| 2018-06-11 | CVE-2017-7834 | Cross-site Scripting vulnerability in Mozilla Firefox A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. | 4.3 |
| 2018-06-11 | CVE-2017-7833 | Improper Input Validation vulnerability in Mozilla Firefox Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. | 5.0 |