Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7807 Improper Input Validation vulnerability in multiple products
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain.
network
low complexity
debian redhat mozilla CWE-20
8.1
2018-06-11 CVE-2017-7806 Use After Free vulnerability in Mozilla Firefox
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
2018-06-11 CVE-2017-7805 Use After Free vulnerability in multiple products
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer.
network
low complexity
mozilla debian CWE-416
7.5
2018-06-11 CVE-2017-7804 Improper Input Validation vulnerability in Mozilla Firefox
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2017-7803 Improper Privilege Management vulnerability in multiple products
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored.
network
low complexity
redhat debian mozilla CWE-269
7.5
2018-06-11 CVE-2017-7798 Code Injection vulnerability in multiple products
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code.
network
low complexity
debian redhat mozilla CWE-94
8.8
2018-06-11 CVE-2017-7797 Origin Validation Error vulnerability in Mozilla Firefox
Response header name interning does not have same-origin protections and these headers are stored in a global registry.
network
low complexity
mozilla CWE-346
7.5
2018-06-11 CVE-2017-7794 Incorrect Default Permissions vulnerability in Mozilla Firefox
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions.
local
low complexity
mozilla CWE-276
7.8
2018-06-11 CVE-2017-7790 Unspecified vulnerability in Mozilla Firefox
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found.
network
low complexity
mozilla
7.5
2018-06-11 CVE-2017-7787 Information Exposure vulnerability in multiple products
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
network
low complexity
debian redhat mozilla CWE-200
7.5