Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7783 Improper Input Validation vulnerability in Mozilla Firefox
If a long user name is used in a username/password combination in a site URL (such as " http://UserName:[email protected]"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2017-7766 Unspecified vulnerability in Mozilla Firefox
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access.
local
low complexity
mozilla
7.8
2018-06-11 CVE-2017-7765 Improper Input Validation vulnerability in Mozilla Firefox
The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2017-7762 Improper Input Validation vulnerability in multiple products
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar.
network
low complexity
redhat mozilla CWE-20
7.5
2018-06-11 CVE-2017-7760 Channel and Path Errors vulnerability in Mozilla Firefox
The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it.
local
low complexity
mozilla CWE-417
7.8
2018-06-11 CVE-2017-7759 Information Exposure vulnerability in multiple products
Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy.
network
low complexity
mozilla google CWE-200
7.5
2018-06-11 CVE-2017-7755 Untrusted Search Path vulnerability in Mozilla Firefox
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run.
local
low complexity
mozilla CWE-426
7.8
2018-06-11 CVE-2017-7754 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations.
network
low complexity
debian redhat mozilla CWE-125
7.5
2018-06-11 CVE-2017-7752 Use After Free vulnerability in multiple products
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled.
network
low complexity
debian redhat mozilla CWE-416
8.8
2018-06-11 CVE-2017-5467 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.
network
low complexity
redhat mozilla CWE-119
7.5