Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-5381 Path Traversal vulnerability in Mozilla Firefox
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename.
network
low complexity
mozilla CWE-22
7.5
2018-06-11 CVE-2017-5379 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing.
network
low complexity
mozilla CWE-416
7.5
2018-06-11 CVE-2017-5378 Information Exposure vulnerability in multiple products
Hashed codes of JavaScript objects are shared between pages.
network
low complexity
debian redhat mozilla CWE-200
7.5
2018-06-11 CVE-2016-9905 Improper Access Control vulnerability in multiple products
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents.
network
low complexity
redhat debian mozilla CWE-284
8.8
2018-06-11 CVE-2016-9904 Information Exposure vulnerability in multiple products
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts.
network
low complexity
redhat debian mozilla CWE-200
7.5
2018-06-11 CVE-2016-9902 Origin Validation Error vulnerability in multiple products
The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events.
network
low complexity
redhat mozilla CWE-346
7.5
2018-06-11 CVE-2016-9900 7PK - Security Features vulnerability in multiple products
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs.
network
low complexity
debian redhat mozilla CWE-254
7.5
2018-06-11 CVE-2016-9897 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.
network
low complexity
redhat debian mozilla CWE-119
7.5
2018-06-11 CVE-2016-9896 Use After Free vulnerability in Mozilla Firefox
Use-after-free while manipulating the "navigator" object within WebVR.
network
high complexity
mozilla CWE-416
8.1
2018-06-11 CVE-2016-9894 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation.
network
low complexity
mozilla CWE-119
7.5