Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7764 Improper Input Validation vulnerability in multiple products
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion.
network
low complexity
mozilla debian CWE-20
5.3
2018-06-11 CVE-2017-7763 Improper Input Validation vulnerability in multiple products
Default fonts on OS X display some Tibetan characters as whitespace.
network
low complexity
mozilla debian CWE-20
5.3
2018-06-11 CVE-2017-7762 Improper Input Validation vulnerability in multiple products
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar.
network
low complexity
redhat mozilla CWE-20
7.5
2018-06-11 CVE-2017-7761 Incorrect Default Permissions vulnerability in Mozilla Firefox
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users.
local
low complexity
mozilla CWE-276
5.5
2018-06-11 CVE-2017-7760 Channel and Path Errors vulnerability in Mozilla Firefox
The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it.
local
low complexity
mozilla CWE-417
7.8
2018-06-11 CVE-2017-7759 Information Exposure vulnerability in multiple products
Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy.
network
low complexity
mozilla google CWE-200
7.5
2018-06-11 CVE-2017-7758 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.
network
low complexity
redhat mozilla debian CWE-125
critical
9.1
2018-06-11 CVE-2017-7757 Use After Free vulnerability in multiple products
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed.
network
low complexity
mozilla debian CWE-416
critical
9.8
2018-06-11 CVE-2017-7756 Use After Free vulnerability in multiple products
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR).
network
low complexity
mozilla debian CWE-416
critical
9.8
2018-06-11 CVE-2017-7755 Untrusted Search Path vulnerability in Mozilla Firefox
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run.
local
low complexity
mozilla CWE-426
7.8