Vulnerabilities > Mozilla > Firefox > 53.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7789 | Unspecified vulnerability in Mozilla Firefox If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. | 5.0 |
| 2018-06-11 | CVE-2017-7788 | Injection vulnerability in Mozilla Firefox When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". | 7.5 |
| 2018-06-11 | CVE-2017-7787 | Information Exposure vulnerability in multiple products Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. | 5.0 |
| 2018-06-11 | CVE-2017-7786 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. | 7.5 |
| 2018-06-11 | CVE-2017-7785 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. | 7.5 |
| 2018-06-11 | CVE-2017-7784 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. | 7.5 |
| 2018-06-11 | CVE-2017-7783 | Improper Input Validation vulnerability in Mozilla Firefox If a long user name is used in a username/password combination in a site URL (such as " http://UserName:[email protected]"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. | 5.0 |
| 2018-06-11 | CVE-2017-7782 | Improper Privilege Management vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. | 5.0 |
| 2018-06-11 | CVE-2017-7781 | Unspecified vulnerability in Mozilla Firefox An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. network mozilla | 4.3 |
| 2018-06-11 | CVE-2017-7780 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Memory safety bugs were reported in Firefox 54. | 7.5 |