Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7825 Improper Input Validation vulnerability in multiple products
Several fonts on OS X display some Tibetan and Arabic characters as whitespace.
network
low complexity
debian mozilla CWE-20
5.3
2018-06-11 CVE-2017-7823 Cross-site Scripting vulnerability in multiple products
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified.
network
low complexity
redhat debian mozilla CWE-79
5.4
2018-06-11 CVE-2017-7822 Unspecified vulnerability in Mozilla Firefox
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification.
network
low complexity
mozilla
5.3
2018-06-11 CVE-2017-7820 Unspecified vulnerability in Mozilla Firefox
The "instanceof" operator can bypass the Xray wrapper mechanism.
network
low complexity
mozilla
5.3
2018-06-11 CVE-2017-7817 Improper Input Validation vulnerability in Mozilla Firefox
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2017-7816 Improper Input Validation vulnerability in Mozilla Firefox
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2017-7815 Improper Input Validation vulnerability in Mozilla Firefox
On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view.
network
low complexity
mozilla CWE-20
5.3
2018-06-11 CVE-2017-7812 Information Exposure vulnerability in Mozilla Firefox
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open.
network
low complexity
mozilla CWE-200
5.3
2018-06-11 CVE-2017-7808 Origin Validation Error vulnerability in Mozilla Firefox
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin.
network
low complexity
mozilla CWE-346
5.3
2018-06-11 CVE-2017-7799 Cross-site Scripting vulnerability in Mozilla Firefox
JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML".
network
low complexity
mozilla CWE-79
6.1