Vulnerabilities > Mozilla > Firefox ESR

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5148 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one.
network
low complexity
debian redhat mozilla canonical CWE-416
critical
 9.8
9.8
2018-06-11 CVE-2018-5147 Out-of-bounds Write vulnerability in multiple products
The libtremor library has the same flaw as CVE-2018-5146.
network
low complexity
debian mozilla CWE-787
critical
 9.8
9.8
2018-06-11 CVE-2018-5146 Out-of-bounds Write vulnerability in multiple products
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.
network
low complexity
redhat debian canonical mozilla CWE-787
8.8
8.8
2018-06-11 CVE-2018-5145 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox ESR 52.6.
network
low complexity
debian redhat mozilla canonical CWE-119
critical
 9.8
9.8
2018-06-11 CVE-2018-5144 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter.
network
low complexity
redhat debian canonical mozilla CWE-190
7.3
7.3
2018-06-11 CVE-2018-5131 Information Exposure vulnerability in multiple products
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should.
network
high complexity
debian mozilla redhat canonical CWE-200
5.9
5.9
2018-06-11 CVE-2018-5130 Improper Input Validation vulnerability in multiple products
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.
network
low complexity
debian redhat canonical mozilla CWE-20
8.8
8.8
2018-06-11 CVE-2018-5129 Out-of-bounds Write vulnerability in multiple products
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages.
network
low complexity
debian mozilla redhat canonical CWE-787
8.6
8.6
2018-06-11 CVE-2018-5127 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script.
network
low complexity
redhat debian canonical mozilla CWE-119
8.8
8.8
2018-06-11 CVE-2018-5125 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6.
network
low complexity
canonical redhat debian mozilla CWE-119
8.8
8.8