Vulnerabilities > Mozilla > Firefox > 21.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7821 | Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. | 7.5 |
| 2018-06-11 | CVE-2017-7820 | Unspecified vulnerability in Mozilla Firefox The "instanceof" operator can bypass the Xray wrapper mechanism. | 5.0 |
| 2018-06-11 | CVE-2017-7819 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. | 7.5 |
| 2018-06-11 | CVE-2017-7818 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. | 7.5 |
| 2018-06-11 | CVE-2017-7817 | Improper Input Validation vulnerability in Mozilla Firefox A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. | 5.0 |
| 2018-06-11 | CVE-2017-7816 | Improper Input Validation vulnerability in Mozilla Firefox WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. | 5.0 |
| 2018-06-11 | CVE-2017-7815 | Improper Input Validation vulnerability in Mozilla Firefox On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. | 5.0 |
| 2018-06-11 | CVE-2017-7814 | Improper Input Validation vulnerability in multiple products File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. | 6.8 |
| 2018-06-11 | CVE-2017-7813 | Incorrect Type Conversion or Cast vulnerability in Mozilla Firefox Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. | 6.4 |
| 2018-06-11 | CVE-2017-7812 | Information Exposure vulnerability in Mozilla Firefox If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. | 5.0 |