Vulnerabilities > Mozilla > Firefox > 3.0

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7810 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3.
network
low complexity
debian redhat canonical mozilla CWE-119
critical
10.0
2018-06-11 CVE-2017-7809 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document.
network
low complexity
debian redhat mozilla CWE-416
7.5
2018-06-11 CVE-2017-7808 Information Exposure vulnerability in Mozilla Firefox
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin.
network
low complexity
mozilla CWE-200
5.0
2018-06-11 CVE-2017-7807 Improper Input Validation vulnerability in multiple products
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain.
5.8
2018-06-11 CVE-2017-7806 Use After Free vulnerability in Mozilla Firefox
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-416
5.0
2018-06-11 CVE-2017-7804 Improper Input Validation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory.
network
low complexity
mozilla microsoft CWE-20
5.0
2018-06-11 CVE-2017-7803 Improper Privilege Management vulnerability in multiple products
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored.
network
low complexity
redhat debian mozilla CWE-269
5.0
2018-06-11 CVE-2017-7802 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element.
network
low complexity
debian redhat mozilla CWE-416
7.5
2018-06-11 CVE-2017-7801 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use.
network
low complexity
debian redhat mozilla CWE-416
7.5
2018-06-11 CVE-2017-7800 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished.
network
low complexity
debian redhat mozilla CWE-416
7.5