Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2016-9077 Race Condition vulnerability in Mozilla Firefox
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin.
local
high complexity
mozilla CWE-362
7.0
2018-06-11 CVE-2016-9076 Improper Input Validation vulnerability in Mozilla Firefox
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks.
network
high complexity
mozilla CWE-20
5.9
2018-06-11 CVE-2016-9075 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list.
network
low complexity
mozilla CWE-264
critical
9.8
2018-06-11 CVE-2016-9074 Information Exposure vulnerability in multiple products
An existing mitigation of timing side-channel attacks is insufficient in some circumstances.
network
high complexity
mozilla debian CWE-200
5.9
2018-06-11 CVE-2016-9073 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.
network
low complexity
mozilla CWE-264
7.5
2018-06-11 CVE-2016-9072 7PK - Security Features vulnerability in Mozilla Firefox
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default.
network
low complexity
mozilla CWE-254
7.5
2018-06-11 CVE-2016-9071 7PK - Security Features vulnerability in Mozilla Firefox
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.
network
low complexity
mozilla CWE-254
5.3
2018-06-11 CVE-2016-9070 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.
network
low complexity
mozilla CWE-264
8.0
2018-06-11 CVE-2016-9068 Use After Free vulnerability in Mozilla Firefox
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
2018-06-11 CVE-2016-9067 Use After Free vulnerability in Mozilla Firefox
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.
network
low complexity
mozilla CWE-416
6.5