Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7822 | Unspecified vulnerability in Mozilla Firefox The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. | 5.3 |
| 2018-06-11 | CVE-2017-7820 | Unspecified vulnerability in Mozilla Firefox The "instanceof" operator can bypass the Xray wrapper mechanism. | 5.3 |
| 2018-06-11 | CVE-2017-7817 | Improper Input Validation vulnerability in Mozilla Firefox A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. | 5.3 |
| 2018-06-11 | CVE-2017-7816 | Improper Input Validation vulnerability in Mozilla Firefox WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. | 5.3 |
| 2018-06-11 | CVE-2017-7815 | Improper Input Validation vulnerability in Mozilla Firefox On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. | 5.3 |
| 2018-06-11 | CVE-2017-7812 | Information Exposure vulnerability in Mozilla Firefox If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. | 5.3 |
| 2018-06-11 | CVE-2017-7808 | Origin Validation Error vulnerability in Mozilla Firefox A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. | 5.3 |
| 2018-06-11 | CVE-2017-7799 | Cross-site Scripting vulnerability in Mozilla Firefox JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". | 6.1 |
| 2018-06-11 | CVE-2017-7796 | Improper Input Validation vulnerability in Mozilla Firefox On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. | 4.7 |
| 2018-06-11 | CVE-2017-7791 | Improper Input Validation vulnerability in multiple products On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. | 5.3 |