Vulnerabilities > Mozilla > Firefox > 44.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2017-7791 | Improper Input Validation vulnerability in multiple products On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. | 5.0 |
2018-06-11 | CVE-2017-7790 | Unspecified vulnerability in Mozilla Firefox On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. | 5.0 |
2018-06-11 | CVE-2017-7789 | Unspecified vulnerability in Mozilla Firefox If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. | 5.0 |
2018-06-11 | CVE-2017-7788 | Injection vulnerability in Mozilla Firefox When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". | 7.5 |
2018-06-11 | CVE-2017-7787 | Information Exposure vulnerability in multiple products Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. | 5.0 |
2018-06-11 | CVE-2017-7786 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. | 9.8 |
2018-06-11 | CVE-2017-7785 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. | 7.5 |
2018-06-11 | CVE-2017-7784 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. | 7.5 |
2018-06-11 | CVE-2017-7783 | Improper Input Validation vulnerability in Mozilla Firefox If a long user name is used in a username/password combination in a site URL (such as " http://UserName:[email protected]"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. | 5.0 |
2018-06-11 | CVE-2017-7782 | Improper Privilege Management vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. | 5.0 |