Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5383 | Improper Input Validation vulnerability in multiple products URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. | 5.3 |
| 2018-06-11 | CVE-2016-9903 | Cross-site Scripting vulnerability in Mozilla Firefox Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. | 6.1 |
| 2018-06-11 | CVE-2016-9895 | 7PK - Security Features vulnerability in multiple products Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. | 6.1 |
| 2018-06-11 | CVE-2016-9076 | Improper Input Validation vulnerability in Mozilla Firefox An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. | 5.9 |
| 2018-06-11 | CVE-2016-9074 | Information Exposure vulnerability in multiple products An existing mitigation of timing side-channel attacks is insufficient in some circumstances. | 5.9 |
| 2018-06-11 | CVE-2016-9071 | 7PK - Security Features vulnerability in Mozilla Firefox Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. | 5.3 |
| 2018-06-11 | CVE-2016-9067 | Use After Free vulnerability in Mozilla Firefox Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. | 6.5 |
| 2018-06-11 | CVE-2016-9064 | Improper Certificate Validation vulnerability in Mozilla Firefox Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. | 5.9 |
| 2018-06-11 | CVE-2016-5298 | Improper Input Validation vulnerability in Mozilla Firefox A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. | 6.5 |
| 2018-06-11 | CVE-2016-5294 | Improper Input Validation vulnerability in Mozilla Firefox The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. | 5.5 |