Vulnerabilities > Mozilla > Firefox > 55.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7825 | Improper Input Validation vulnerability in multiple products Several fonts on OS X display some Tibetan and Arabic characters as whitespace. | 5.0 |
| 2018-06-11 | CVE-2017-7824 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. | 7.5 |
| 2018-06-11 | CVE-2017-7823 | Cross-site Scripting vulnerability in multiple products The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. | 4.3 |
| 2018-06-11 | CVE-2017-7822 | Unspecified vulnerability in Mozilla Firefox The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. | 5.0 |
| 2018-06-11 | CVE-2017-7821 | Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. | 7.5 |
| 2018-06-11 | CVE-2017-7820 | Unspecified vulnerability in Mozilla Firefox The "instanceof" operator can bypass the Xray wrapper mechanism. | 5.0 |
| 2018-06-11 | CVE-2017-7819 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. | 7.5 |
| 2018-06-11 | CVE-2017-7818 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. | 7.5 |
| 2018-06-11 | CVE-2017-7817 | Improper Input Validation vulnerability in Mozilla Firefox A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. | 5.0 |
| 2018-06-11 | CVE-2017-7816 | Improper Input Validation vulnerability in Mozilla Firefox WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. | 5.0 |