Vulnerabilities > Mozilla > Firefox

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7823 Cross-site Scripting vulnerability in multiple products
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified.
network
low complexity
redhat debian mozilla CWE-79
5.4
2018-06-11 CVE-2017-7822 Unspecified vulnerability in Mozilla Firefox
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification.
network
low complexity
mozilla
5.3
2018-06-11 CVE-2017-7821 Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types.
network
low complexity
mozilla CWE-732
critical
9.8
2018-06-11 CVE-2017-7820 Unspecified vulnerability in Mozilla Firefox
The "instanceof" operator can bypass the Xray wrapper mechanism.
network
low complexity
mozilla
5.3
2018-06-11 CVE-2017-7819 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory.
network
low complexity
redhat debian mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-7818 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM.
network
low complexity
redhat debian mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-7817 Improper Input Validation vulnerability in Mozilla Firefox
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2017-7816 Improper Input Validation vulnerability in Mozilla Firefox
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2017-7815 Improper Input Validation vulnerability in Mozilla Firefox
On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2017-7814 Improper Input Validation vulnerability in multiple products
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files.
local
low complexity
redhat mozilla debian CWE-20
7.8