Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2016-9075 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list.
network
low complexity
mozilla CWE-264
critical
9.8
2018-06-11 CVE-2016-9074 Information Exposure vulnerability in multiple products
An existing mitigation of timing side-channel attacks is insufficient in some circumstances.
network
high complexity
mozilla debian CWE-200
5.9
2018-06-11 CVE-2016-9073 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.
network
low complexity
mozilla CWE-264
7.5
2018-06-11 CVE-2016-9072 7PK - Security Features vulnerability in Mozilla Firefox
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default.
network
low complexity
mozilla CWE-254
7.5
2018-06-11 CVE-2016-9071 7PK - Security Features vulnerability in Mozilla Firefox
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.
network
low complexity
mozilla CWE-254
5.3
2018-06-11 CVE-2016-9070 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.
network
low complexity
mozilla CWE-264
8.0
2018-06-11 CVE-2016-9068 Use After Free vulnerability in Mozilla Firefox
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
2018-06-11 CVE-2016-9067 Use After Free vulnerability in Mozilla Firefox
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.
network
low complexity
mozilla CWE-416
6.5
2018-06-11 CVE-2016-9066 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.
network
low complexity
mozilla debian CWE-119
7.5
2018-06-11 CVE-2016-9065 Improper Input Validation vulnerability in Mozilla Firefox
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification.
network
low complexity
mozilla CWE-20
7.5