Vulnerabilities > Mozilla > Firefox > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2017-5405 | DEPRECATED: Use of Uninitialized Resource vulnerability in multiple products Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. | 5.3 |
2018-06-11 | CVE-2017-5395 | Improper Input Validation vulnerability in Mozilla Firefox Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. | 4.3 |
2018-06-11 | CVE-2017-5393 | Cross-site Scripting vulnerability in Mozilla Firefox The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. | 6.1 |
2018-06-11 | CVE-2017-5389 | Open Redirect vulnerability in Mozilla Firefox WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. | 6.1 |
2018-06-11 | CVE-2017-5384 | Information Exposure vulnerability in Mozilla Firefox Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. | 5.9 |
2018-06-11 | CVE-2017-5383 | Improper Input Validation vulnerability in multiple products URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. | 5.3 |
2018-06-11 | CVE-2016-9903 | Cross-site Scripting vulnerability in Mozilla Firefox Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. | 6.1 |
2018-06-11 | CVE-2016-9895 | 7PK - Security Features vulnerability in multiple products Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. | 6.1 |
2018-06-11 | CVE-2016-9076 | Improper Input Validation vulnerability in Mozilla Firefox An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. | 5.9 |
2018-06-11 | CVE-2016-9074 | Information Exposure vulnerability in multiple products An existing mitigation of timing side-channel attacks is insufficient in some circumstances. | 5.9 |