Vulnerabilities > Mozilla > Firefox > 44.0.2

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7813 Incorrect Type Conversion or Cast vulnerability in Mozilla Firefox
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed.
network
low complexity
mozilla CWE-704
6.4
2018-06-11 CVE-2017-7812 Information Exposure vulnerability in Mozilla Firefox
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open.
network
low complexity
mozilla CWE-200
5.0
2018-06-11 CVE-2017-7811 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Memory safety bugs were reported in Firefox 55.
network
low complexity
mozilla CWE-119
critical
10.0
2018-06-11 CVE-2017-7810 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3.
network
low complexity
debian redhat canonical mozilla CWE-119
critical
10.0
2018-06-11 CVE-2017-7809 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document.
network
low complexity
debian redhat mozilla CWE-416
7.5
2018-06-11 CVE-2017-7808 Information Exposure vulnerability in Mozilla Firefox
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin.
network
low complexity
mozilla CWE-200
5.0
2018-06-11 CVE-2017-7807 Improper Input Validation vulnerability in multiple products
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain.
5.8
2018-06-11 CVE-2017-7806 Use After Free vulnerability in Mozilla Firefox
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-416
5.0
2018-06-11 CVE-2017-7804 Improper Input Validation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory.
network
low complexity
mozilla microsoft CWE-20
5.0
2018-06-11 CVE-2017-7803 Improper Privilege Management vulnerability in multiple products
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored.
network
low complexity
redhat debian mozilla CWE-269
5.0