| 248211 | 6.5 | MEDIUM Network | mozilla | firefox | A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow … | CWE-200 Information Exposure | CVE-2017-7844 | 2024-11-21 12:32 | 2018-06-12 |
| 248212 | 5.3 | MEDIUM Network | mozilla | firefox | If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of … | CWE-200 Information Exposure | CVE-2017-7842 | 2024-11-21 12:32 | 2018-06-12 |
| 248213 | 6.1 | MEDIUM Network | mozilla | firefox | JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this… | CWE-79 Cross-site Scripting | CVE-2017-7840 | 2024-11-21 12:32 | 2018-06-12 |
| 248214 | 7.5 | HIGH Network | debian mozilla redhat | debian_linux firefox firefox_esr enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_aus enterprise_linux_server_eus | When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode a… | CWE-200 Information Exposure | CVE-2017-7843 | 2024-11-21 12:32 | 2018-06-12 |
| 248215 | 6.1 | MEDIUM Network | mozilla | firefox | Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This … | CWE-79 Cross-site Scripting | CVE-2017-7839 | 2024-11-21 12:32 | 2018-06-12 |
| 248216 | 5.3 | MEDIUM Network | mozilla | firefox | Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed … | CWE-20 Improper Input Validation | CVE-2017-7838 | 2024-11-21 12:32 | 2018-06-12 |
| 248217 | 5.3 | MEDIUM Network | mozilla | firefox | SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57. | CWE-20 Improper Input Validation | CVE-2017-7837 | 2024-11-21 12:32 | 2018-06-12 |
| 248218 | 7.8 | HIGH Local | mozilla | firefox | The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl… | CWE-427 Uncontrolled Search Path Element | CVE-2017-7836 | 2024-11-21 12:32 | 2018-06-12 |
| 248219 | 7.3 | HIGH Network | mozilla | firefox | Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked,… | NVD-CWE-noinfo | CVE-2017-7835 | 2024-11-21 12:32 | 2018-06-12 |
| 248220 | 6.1 | MEDIUM Network | mozilla | firefox | A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions … | CWE-79 Cross-site Scripting | CVE-2017-7834 | 2024-11-21 12:32 | 2018-06-12 |