Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7766 | Unspecified vulnerability in Mozilla Firefox An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. | 7.8 |
| 2018-06-11 | CVE-2017-7765 | Improper Input Validation vulnerability in Mozilla Firefox The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. | 7.5 |
| 2018-06-11 | CVE-2017-7762 | Improper Input Validation vulnerability in multiple products When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. | 7.5 |
| 2018-06-11 | CVE-2017-7760 | Channel and Path Errors vulnerability in Mozilla Firefox The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. | 7.8 |
| 2018-06-11 | CVE-2017-7759 | Information Exposure vulnerability in multiple products Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. | 7.5 |
| 2018-06-11 | CVE-2017-7755 | Untrusted Search Path vulnerability in Mozilla Firefox The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. | 7.8 |
| 2018-06-11 | CVE-2017-7754 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. | 7.5 |
| 2018-06-11 | CVE-2017-7752 | Use After Free vulnerability in multiple products A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. | 8.8 |
| 2018-06-11 | CVE-2017-5467 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. | 7.5 |
| 2018-06-11 | CVE-2017-5455 | The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. | 7.5 |