Vulnerabilities > Mozilla > Firefox > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2017-7808 | Origin Validation Error vulnerability in Mozilla Firefox. A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. | 5.3 |
2018-06-11 | CVE-2017-7799 | Cross-site Scripting vulnerability in Mozilla Firefox. JavaScript in the "about:webrtc" page is not sanitized properly before being assigned to "innerHTML". | 6.1 |
2018-06-11 | CVE-2017-7796 | Improper Input Validation vulnerability in Mozilla Firefox. On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. | 4.7 |
2018-06-11 | CVE-2017-7791 | Improper Input Validation vulnerability in multiple products. On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing the origin of the modal alert from the iframe content. | 5.3 |
2018-06-11 | CVE-2017-7789 | Unspecified vulnerability in Mozilla Firefox. If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. | 5.3 |
2018-06-11 | CVE-2017-7782 | Improper Privilege Management vulnerability in Mozilla Firefox. An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. | 5.3 |
2018-06-11 | CVE-2017-7781 | Unspecified vulnerability in Mozilla Firefox. An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. | 5.9 |
2018-06-11 | CVE-2017-7770 | Improper Input Validation vulnerability in Mozilla Firefox. A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. | 5.9 |
2018-06-11 | CVE-2017-7768 | Information Exposure vulnerability in Mozilla Firefox. The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. | 5.5 |
2018-06-11 | CVE-2017-7767 | Improper Privilege Management vulnerability in Mozilla Firefox. The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. | 5.5 |