Vulnerabilities > Mozilla > Firefox

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-06-11 | CVE-2017-5415 | Improper Input Validation vulnerability in Mozilla Firefox | An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. | network | low | mozilla | CWE-20 | 5.3 |
| 2018-06-11 | CVE-2017-5414 | Information Exposure vulnerability in Mozilla Firefox | The file picker dialog can choose and display the wrong local default directory when instantiated. | local | low | mozilla | CWE-200 | 5.5 |
| 2018-06-11 | CVE-2017-5413 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox | A segmentation fault can occur during some bidirectional layout operations. | network | low | mozilla | CWE-119 | 9.8 (critical) |
| 2018-06-11 | CVE-2017-5412 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox | A buffer overflow read during SVG filter color value operations, resulting in data exposure. | network | low | mozilla | CWE-119 | 7.5 |
| 2018-06-11 | CVE-2017-5411 | Use After Free vulnerability in Mozilla Firefox | A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. | network | low | mozilla | CWE-416 | 7.5 |
| 2018-06-11 | CVE-2017-5410 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. | network | low | debian, redhat, mozilla | CWE-119 | 9.8 (critical) |
| 2018-06-11 | CVE-2017-5409 | Improper Privilege Management vulnerability in Mozilla Firefox | The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. | local | low | mozilla | CWE-269 | 5.5 |
| 2018-06-11 | CVE-2017-5408 | Information Exposure vulnerability in multiple products | Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. | network | low | debian, redhat, mozilla | CWE-200 | 5.3 |
| 2018-06-11 | CVE-2017-5407 | Information Exposure vulnerability in multiple products | Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. | network | low | debian, redhat, mozilla | CWE-200 | 6.5 |
| 2018-06-11 | CVE-2017-5406 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Thunderbird | A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. | network | low | mozilla | CWE-119 | 7.5 |