Vulnerabilities > Mozilla > Firefox > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7835 Unspecified vulnerability in Mozilla Firefox
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.
network
low complexity
mozilla
7.3
2018-06-11 CVE-2017-7814 Improper Input Validation vulnerability in multiple products
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files.
local
low complexity
redhat mozilla debian CWE-20
7.8
2018-06-11 CVE-2017-7813 Incorrect Type Conversion or Cast vulnerability in Mozilla Firefox
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed.
network
low complexity
mozilla CWE-704
8.2
2018-06-11 CVE-2017-7807 Improper Input Validation vulnerability in multiple products
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain.
network
low complexity
debian redhat mozilla CWE-20
8.1
2018-06-11 CVE-2017-7806 Use After Free vulnerability in Mozilla Firefox
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
2018-06-11 CVE-2017-7805 Use After Free vulnerability in multiple products
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer.
network
low complexity
mozilla debian CWE-416
7.5
2018-06-11 CVE-2017-7804 Improper Input Validation vulnerability in Mozilla Firefox
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2017-7803 Improper Privilege Management vulnerability in multiple products
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored.
network
low complexity
redhat debian mozilla CWE-269
7.5
2018-06-11 CVE-2017-7798 Code Injection vulnerability in multiple products
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code.
network
low complexity
debian redhat mozilla CWE-94
8.8
2018-06-11 CVE-2017-7797 Origin Validation Error vulnerability in Mozilla Firefox
Response header name interning does not have same-origin protections and these headers are stored in a global registry.
network
low complexity
mozilla CWE-346
7.5