Vulnerabilities > Mozilla > Firefox > 21.0

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7821 Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types.
network
low complexity
mozilla CWE-732
7.5
2018-06-11 CVE-2017-7820 Unspecified vulnerability in Mozilla Firefox
The "instanceof" operator can bypass the Xray wrapper mechanism.
network
low complexity
mozilla
5.0
2018-06-11 CVE-2017-7819 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory.
network
low complexity
redhat debian mozilla CWE-416
7.5
2018-06-11 CVE-2017-7818 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM.
network
low complexity
redhat debian mozilla CWE-416
7.5
2018-06-11 CVE-2017-7817 Improper Input Validation vulnerability in Mozilla Firefox
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed.
network
low complexity
mozilla google CWE-20
5.0
2018-06-11 CVE-2017-7816 Improper Input Validation vulnerability in Mozilla Firefox
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior.
network
low complexity
mozilla CWE-20
5.0
2018-06-11 CVE-2017-7815 Improper Input Validation vulnerability in Mozilla Firefox
On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view.
network
low complexity
mozilla CWE-20
5.0
2018-06-11 CVE-2017-7814 Improper Input Validation vulnerability in multiple products
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files.
6.8
2018-06-11 CVE-2017-7813 Incorrect Type Conversion or Cast vulnerability in Mozilla Firefox
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed.
network
low complexity
mozilla CWE-704
6.4
2018-06-11 CVE-2017-7812 Information Exposure vulnerability in Mozilla Firefox
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open.
network
low complexity
mozilla CWE-200
5.0