Vulnerabilities > Mozilla > Firefox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7845 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. | 8.8 |
| 2018-06-11 | CVE-2017-7844 | Information Exposure vulnerability in Mozilla Firefox A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. | 6.5 |
| 2018-06-11 | CVE-2017-7843 | Information Exposure vulnerability in multiple products When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. | 7.5 |
| 2018-06-11 | CVE-2017-7842 | Information Exposure vulnerability in Mozilla Firefox If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. | 5.3 |
| 2018-06-11 | CVE-2017-7840 | Cross-site Scripting vulnerability in Mozilla Firefox JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. | 6.1 |
| 2018-06-11 | CVE-2017-7839 | Cross-site Scripting vulnerability in Mozilla Firefox Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. | 6.1 |
| 2018-06-11 | CVE-2017-7838 | Improper Input Validation vulnerability in Mozilla Firefox Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. | 5.3 |
| 2018-06-11 | CVE-2017-7837 | Improper Input Validation vulnerability in Mozilla Firefox SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. | 5.3 |
| 2018-06-11 | CVE-2017-7836 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. | 7.8 |
| 2018-06-11 | CVE-2017-7835 | Unspecified vulnerability in Mozilla Firefox Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. | 7.3 |