Vulnerabilities > Mozilla > Firefox > 3.0

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7831 Information Exposure vulnerability in Mozilla Firefox
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects.
network
low complexity
mozilla CWE-200
5.0
2018-06-11 CVE-2017-7830 The Resource Timing API incorrectly revealed navigations in cross-origin iframes. 4.3
2018-06-11 CVE-2017-7828 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use.
network
low complexity
debian redhat mozilla CWE-416
7.5
2018-06-11 CVE-2017-7827 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Memory safety bugs were reported in Firefox 56.
network
low complexity
mozilla CWE-119
critical
10.0
2018-06-11 CVE-2017-7826 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4.
network
low complexity
debian redhat canonical mozilla CWE-119
critical
10.0
2018-06-11 CVE-2017-7825 Improper Input Validation vulnerability in multiple products
Several fonts on OS X display some Tibetan and Arabic characters as whitespace.
network
low complexity
debian mozilla apple CWE-20
5.0
2018-06-11 CVE-2017-7824 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content.
network
low complexity
redhat debian mozilla CWE-119
7.5
2018-06-11 CVE-2017-7823 Cross-site Scripting vulnerability in multiple products
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified.
4.3
2018-06-11 CVE-2017-7822 Unspecified vulnerability in Mozilla Firefox
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification.
network
low complexity
mozilla
5.0
2018-06-11 CVE-2017-7821 Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types.
network
low complexity
mozilla CWE-732
7.5