Vulnerabilities > Mozilla > Firefox > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5387 | File and Directory Information Exposure vulnerability in Mozilla Firefox The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. | 2.1 |
| 2018-06-11 | CVE-2017-5409 | Improper Privilege Management vulnerability in Mozilla Firefox and Firefox ESR The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. | 3.6 |
| 2018-06-11 | CVE-2017-5427 | Race Condition vulnerability in Mozilla Firefox A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. | 1.9 |
| 2018-06-11 | CVE-2017-7761 | Incorrect Default Permissions vulnerability in Mozilla Firefox and Firefox ESR The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. | 3.6 |
| 2018-06-11 | CVE-2017-7767 | Improper Privilege Management vulnerability in Mozilla Firefox and Firefox ESR The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. | 2.1 |
| 2018-06-11 | CVE-2017-7768 | Information Exposure vulnerability in Mozilla Firefox and Firefox ESR The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. | 2.1 |
| 2018-06-11 | CVE-2017-7796 | Improper Input Validation vulnerability in Mozilla Firefox On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. | 3.3 |
| 2015-09-24 | CVE-2015-4508 | 7PK - Security Features vulnerability in Mozilla Firefox Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. | 2.6 |
| 2015-08-16 | CVE-2015-4481 | Race Condition vulnerability in multiple products Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update. | 3.3 |
| 2015-05-21 | CVE-2015-4000 | Cryptographic Issues vulnerability in multiple products The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | 3.7 |