Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5109 | Origin Validation Error vulnerability in multiple products An audio capture session can started under an incorrect origin from the site making the capture request. | 5.3 |
| 2018-06-11 | CVE-2018-5108 | Information Exposure vulnerability in multiple products A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. | 4.3 |
| 2018-06-11 | CVE-2018-5107 | Link Following vulnerability in multiple products The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. | 5.3 |
| 2018-06-11 | CVE-2018-5106 | Information Exposure vulnerability in multiple products Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. | 5.3 |
| 2018-06-11 | CVE-2017-7848 | Injection vulnerability in multiple products RSS fields can inject new lines into the created email structure, modifying the message body. | 5.3 |
| 2018-06-11 | CVE-2017-7847 | Information Exposure vulnerability in multiple products Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. | 4.3 |
| 2018-06-11 | CVE-2017-7844 | Information Exposure vulnerability in Mozilla Firefox A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. | 6.5 |
| 2018-06-11 | CVE-2017-7842 | Information Exposure vulnerability in Mozilla Firefox If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. | 5.3 |
| 2018-06-11 | CVE-2017-7840 | Cross-site Scripting vulnerability in Mozilla Firefox JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. | 6.1 |
| 2018-06-11 | CVE-2017-7839 | Cross-site Scripting vulnerability in Mozilla Firefox Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. | 6.1 |