Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5393 | Cross-site Scripting vulnerability in Mozilla Firefox The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. | 6.1 |
| 2018-06-11 | CVE-2017-5389 | Open Redirect vulnerability in Mozilla Firefox WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. | 6.1 |
| 2018-06-11 | CVE-2017-5384 | Information Exposure vulnerability in Mozilla Firefox Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. | 5.9 |
| 2018-06-11 | CVE-2017-5383 | Improper Input Validation vulnerability in multiple products URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. | 5.3 |
| 2018-06-11 | CVE-2016-9903 | Cross-site Scripting vulnerability in Mozilla Firefox Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. | 6.1 |
| 2018-06-11 | CVE-2016-9895 | 7PK - Security Features vulnerability in multiple products Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. | 6.1 |
| 2018-06-11 | CVE-2016-9076 | Improper Input Validation vulnerability in Mozilla Firefox An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. | 5.9 |
| 2018-06-11 | CVE-2016-9074 | Information Exposure vulnerability in multiple products An existing mitigation of timing side-channel attacks is insufficient in some circumstances. | 5.9 |
| 2018-06-11 | CVE-2016-9071 | 7PK - Security Features vulnerability in Mozilla Firefox Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. | 5.3 |
| 2018-06-11 | CVE-2016-9067 | Use After Free vulnerability in Mozilla Firefox Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. | 6.5 |