Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2016-9079 Use After Free vulnerability in multiple products
A use-after-free vulnerability in SVG Animation has been discovered.
network
low complexity
debian redhat mozilla torproject CWE-416
7.5
2018-06-11 CVE-2016-9078 Open Redirect vulnerability in Mozilla Firefox 49.0/50.0
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances.
network
low complexity
mozilla CWE-601
8.8
2018-06-11 CVE-2016-9077 Race Condition vulnerability in Mozilla Firefox
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin.
local
high complexity
mozilla CWE-362
7.0
2018-06-11 CVE-2016-9073 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.
network
low complexity
mozilla CWE-264
7.5
2018-06-11 CVE-2016-9072 7PK - Security Features vulnerability in Mozilla Firefox
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default.
network
low complexity
mozilla CWE-254
7.5
2018-06-11 CVE-2016-9070 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.
network
low complexity
mozilla CWE-264
8.0
2018-06-11 CVE-2016-9068 Use After Free vulnerability in Mozilla Firefox
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
2018-06-11 CVE-2016-9066 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.
network
low complexity
mozilla debian CWE-119
7.5
2018-06-11 CVE-2016-9065 Improper Input Validation vulnerability in Mozilla Firefox
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2016-9061 Permission Issues vulnerability in Mozilla Firefox
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only.
network
low complexity
mozilla CWE-275
7.5