Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7817 Improper Input Validation vulnerability in Mozilla Firefox
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2017-7816 Improper Input Validation vulnerability in Mozilla Firefox
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2017-7815 Improper Input Validation vulnerability in Mozilla Firefox
On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2017-7814 Improper Input Validation vulnerability in multiple products
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files.
local
low complexity
redhat mozilla debian CWE-20
7.8
2018-06-11 CVE-2017-7813 Incorrect Type Conversion or Cast vulnerability in Mozilla Firefox
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed.
network
low complexity
mozilla CWE-704
8.2
2018-06-11 CVE-2017-7812 Information Exposure vulnerability in Mozilla Firefox
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open.
network
low complexity
mozilla CWE-200
5.3
2018-06-11 CVE-2017-7811 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Memory safety bugs were reported in Firefox 55.
network
low complexity
mozilla CWE-119
critical
9.8
2018-06-11 CVE-2017-7810 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3.
network
low complexity
debian redhat canonical mozilla CWE-119
critical
9.8
2018-06-11 CVE-2017-7809 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document.
network
low complexity
debian redhat mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-7808 Origin Validation Error vulnerability in Mozilla Firefox
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin.
network
low complexity
mozilla CWE-346
5.3