Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-5393 Cross-site Scripting vulnerability in Mozilla Firefox
The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site.
network
low complexity
mozilla CWE-79
6.1
2018-06-11 CVE-2017-5389 Open Redirect vulnerability in Mozilla Firefox
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site.
network
low complexity
mozilla CWE-601
6.1
2018-06-11 CVE-2017-5384 Information Exposure vulnerability in Mozilla Firefox
Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS.
network
high complexity
mozilla CWE-200
5.9
2018-06-11 CVE-2017-5383 Improper Input Validation vulnerability in multiple products
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.
network
low complexity
debian redhat mozilla CWE-20
5.3
2018-06-11 CVE-2016-9903 Cross-site Scripting vulnerability in Mozilla Firefox
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability.
network
low complexity
mozilla CWE-79
6.1
2018-06-11 CVE-2016-9895 7PK - Security Features vulnerability in multiple products
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.
network
low complexity
debian redhat mozilla CWE-254
6.1
2018-06-11 CVE-2016-9076 Improper Input Validation vulnerability in Mozilla Firefox
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks.
network
high complexity
mozilla CWE-20
5.9
2018-06-11 CVE-2016-9074 Information Exposure vulnerability in multiple products
An existing mitigation of timing side-channel attacks is insufficient in some circumstances.
network
high complexity
mozilla debian CWE-200
5.9
2018-06-11 CVE-2016-9071 7PK - Security Features vulnerability in Mozilla Firefox
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.
network
low complexity
mozilla CWE-254
5.3
2018-06-11 CVE-2016-9067 Use After Free vulnerability in Mozilla Firefox
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.
network
low complexity
mozilla CWE-416
6.5