Vulnerabilities > Mozilla > Firefox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2016-9903 | Cross-site Scripting vulnerability in Mozilla Firefox Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. | 6.1 |
| 2018-06-11 | CVE-2016-9895 | 7PK - Security Features vulnerability in multiple products Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. | 6.1 |
| 2018-06-11 | CVE-2016-9076 | Improper Input Validation vulnerability in Mozilla Firefox An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. | 5.9 |
| 2018-06-11 | CVE-2016-9074 | Information Exposure vulnerability in multiple products An existing mitigation of timing side-channel attacks is insufficient in some circumstances. | 5.9 |
| 2018-06-11 | CVE-2016-9071 | 7PK - Security Features vulnerability in Mozilla Firefox Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. | 5.3 |
| 2018-06-11 | CVE-2016-9067 | Use After Free vulnerability in Mozilla Firefox Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. | 6.5 |
| 2018-06-11 | CVE-2016-9064 | Improper Certificate Validation vulnerability in Mozilla Firefox Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. | 5.9 |
| 2018-06-11 | CVE-2016-5298 | Improper Input Validation vulnerability in Mozilla Firefox A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. | 6.5 |
| 2018-06-11 | CVE-2016-5294 | Improper Input Validation vulnerability in Mozilla Firefox The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. | 5.5 |
| 2018-06-11 | CVE-2016-5293 | Improper Input Validation vulnerability in multiple products When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. | 5.5 |