Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5114 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58. | ||
| CVE-2018-5110 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects… | ||
| CVE-2018-5107 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information… | ||
| CVE-2018-5106 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This… | ||
| CVE-2017-7842 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This… | ||
| CVE-2017-7838 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be… | ||
| CVE-2017-7837 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | SVG loaded through "" tags can use "" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57. | ||
| CVE-2017-7833 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks… | ||
| CVE-2017-7832 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for… | ||
| CVE-2017-7831 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57. | ||
| CVE-2017-7825 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This… | ||
| CVE-2017-7823 | Med | 0.35 | 5.4 | 0.01 | Jun 11, 2018 | The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This… | ||
| CVE-2017-7822 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects… | ||
| CVE-2017-7820 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This… | ||
| CVE-2017-7817 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other… | ||
| CVE-2017-7816 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56. | ||
| CVE-2017-7815 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations… | ||
| CVE-2017-7812 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox… | ||
| CVE-2017-7808 | Med | 0.35 | 5.3 | 0.01 | Jun 11, 2018 | A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55. | ||
| CVE-2017-7791 | Med | 0.35 | 5.3 | 0.02 | Jun 11, 2018 | On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox… |
- risk 0.35cvss 5.3epss 0.02
If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58.
- risk 0.35cvss 5.3epss 0.01
If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects…
- risk 0.35cvss 5.3epss 0.02
The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information…
- risk 0.35cvss 5.3epss 0.01
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This…
- risk 0.35cvss 5.3epss 0.02
If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This…
- risk 0.35cvss 5.3epss 0.01
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be…
- risk 0.35cvss 5.3epss 0.01
SVG loaded through "" tags can use "" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.
- risk 0.35cvss 5.3epss 0.01
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks…
- risk 0.35cvss 5.3epss 0.02
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for…
- risk 0.35cvss 5.3epss 0.02
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.
- risk 0.35cvss 5.3epss 0.02
Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This…
- risk 0.35cvss 5.4epss 0.01
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This…
- risk 0.35cvss 5.3epss 0.01
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects…
- risk 0.35cvss 5.3epss 0.01
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This…
- risk 0.35cvss 5.3epss 0.01
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other…
- risk 0.35cvss 5.3epss 0.01
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.
- risk 0.35cvss 5.3epss 0.01
On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations…
- risk 0.35cvss 5.3epss 0.01
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox…
- risk 0.35cvss 5.3epss 0.01
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.
- risk 0.35cvss 5.3epss 0.02
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox…
Page 84 of 159