Vulnerabilities > Mozilla > Firefox > 44.0.2

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7845 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content.
network
mozilla microsoft CWE-119
critical
9.3
2018-06-11 CVE-2017-7844 Information Exposure vulnerability in Mozilla Firefox
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history.
network
mozilla CWE-200
4.3
2018-06-11 CVE-2017-7843 Information Exposure vulnerability in multiple products
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely.
network
low complexity
debian mozilla redhat CWE-200
5.0
2018-06-11 CVE-2017-7842 Information Exposure vulnerability in Mozilla Firefox
If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one.
network
low complexity
mozilla CWE-200
5.0
2018-06-11 CVE-2017-7840 Cross-site Scripting vulnerability in Mozilla Firefox
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks.
network
mozilla CWE-79
4.3
2018-06-11 CVE-2017-7839 Cross-site Scripting vulnerability in Mozilla Firefox
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked.
network
mozilla CWE-79
4.3
2018-06-11 CVE-2017-7838 Improper Input Validation vulnerability in Mozilla Firefox
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode.
network
low complexity
mozilla CWE-20
5.0
2018-06-11 CVE-2017-7837 Improper Input Validation vulnerability in Mozilla Firefox
SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page.
network
low complexity
mozilla CWE-20
5.0
2018-06-11 CVE-2017-7836 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace.
local
low complexity
mozilla apple linux CWE-427
4.6
2018-06-11 CVE-2017-7835 Unspecified vulnerability in Mozilla Firefox
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.
network
low complexity
mozilla
7.5