CVE-2017-7797
- EPSS 0.81%
- Veröffentlicht 11.06.2018 21:29:09
- Zuletzt bearbeitet 21.11.2024 03:32:40
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55.
CVE-2017-7798
- EPSS 2.1%
- Veröffentlicht 11.06.2018 21:29:09
- Zuletzt bearbeitet 25.11.2025 17:50:16
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. Th...
CVE-2017-7799
- EPSS 1.41%
- Veröffentlicht 11.06.2018 21:29:09
- Zuletzt bearbeitet 21.11.2024 03:32:41
JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly ...
CVE-2017-7800
- EPSS 3.04%
- Veröffentlicht 11.06.2018 21:29:09
- Zuletzt bearbeitet 25.11.2025 17:50:16
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < ...
CVE-2017-7801
- EPSS 2.68%
- Veröffentlicht 11.06.2018 21:29:09
- Zuletzt bearbeitet 25.11.2025 17:50:16
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects ...
CVE-2017-7802
- EPSS 2.71%
- Veröffentlicht 11.06.2018 21:29:09
- Zuletzt bearbeitet 25.11.2025 17:50:16
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements ar...
CVE-2017-7803
- EPSS 2.03%
- Veröffentlicht 11.06.2018 21:29:09
- Zuletzt bearbeitet 25.11.2025 17:50:16
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
CVE-2017-7804
- EPSS 1.51%
- Veröffentlicht 11.06.2018 21:29:09
- Zuletzt bearbeitet 25.11.2025 17:50:16
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memor...
CVE-2017-7756
- EPSS 2.67%
- Veröffentlicht 11.06.2018 21:29:08
- Zuletzt bearbeitet 25.11.2025 17:50:16
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2...
CVE-2017-7757
- EPSS 2.67%
- Veröffentlicht 11.06.2018 21:29:08
- Zuletzt bearbeitet 25.11.2025 17:50:16
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and...