Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5110 | Improper Input Validation vulnerability in Mozilla Firefox If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. | 5.3 |
| 2018-06-11 | CVE-2018-5109 | Origin Validation Error vulnerability in multiple products An audio capture session can started under an incorrect origin from the site making the capture request. | 5.3 |
| 2018-06-11 | CVE-2018-5108 | Information Exposure vulnerability in multiple products A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. | 4.3 |
| 2018-06-11 | CVE-2018-5107 | Link Following vulnerability in multiple products The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. | 5.3 |
| 2018-06-11 | CVE-2018-5106 | Information Exposure vulnerability in multiple products Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. | 5.3 |
| 2018-06-11 | CVE-2017-7844 | Information Exposure vulnerability in Mozilla Firefox A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. | 6.5 |
| 2018-06-11 | CVE-2017-7842 | Information Exposure vulnerability in Mozilla Firefox If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. | 5.3 |
| 2018-06-11 | CVE-2017-7840 | Cross-site Scripting vulnerability in Mozilla Firefox JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. | 6.1 |
| 2018-06-11 | CVE-2017-7839 | Cross-site Scripting vulnerability in Mozilla Firefox Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. | 6.1 |
| 2018-06-11 | CVE-2017-7838 | Improper Input Validation vulnerability in Mozilla Firefox Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. | 5.3 |