Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7781 | Unspecified vulnerability in Mozilla Firefox An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. | 5.9 |
| 2018-06-11 | CVE-2017-7770 | Improper Input Validation vulnerability in Mozilla Firefox A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. | 5.9 |
| 2018-06-11 | CVE-2017-7768 | Information Exposure vulnerability in Mozilla Firefox The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. | 5.5 |
| 2018-06-11 | CVE-2017-7767 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. | 5.5 |
| 2018-06-11 | CVE-2017-7764 | Improper Input Validation vulnerability in multiple products Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. | 5.3 |
| 2018-06-11 | CVE-2017-7763 | Improper Input Validation vulnerability in multiple products Default fonts on OS X display some Tibetan characters as whitespace. | 5.3 |
| 2018-06-11 | CVE-2017-7761 | Incorrect Default Permissions vulnerability in Mozilla Firefox The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. | 5.5 |
| 2018-06-11 | CVE-2017-5466 | Cross-site Scripting vulnerability in multiple products If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. | 6.1 |
| 2018-06-11 | CVE-2017-5463 | Improper Input Validation vulnerability in Mozilla Firefox Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. | 5.3 |
| 2018-06-11 | CVE-2017-5462 | Incorrect Calculation vulnerability in multiple products A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. | 5.3 |