Vulnerabilities > Mozilla > Firefox ESR
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5380 | Use After Free vulnerability in multiple products A potential use-after-free found through fuzzing during DOM manipulation of SVG content. | 7.5 |
| 2018-06-11 | CVE-2017-5378 | Information Exposure vulnerability in multiple products Hashed codes of JavaScript objects are shared between pages. | 5.0 |
| 2018-06-11 | CVE-2017-5376 | Use After Free vulnerability in multiple products Use-after-free while manipulating XSL in XSLT documents. | 7.5 |
| 2018-06-11 | CVE-2017-5375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. | 7.5 |
| 2018-06-11 | CVE-2017-5373 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. | 7.5 |
| 2018-06-11 | CVE-2016-9905 | Improper Access Control vulnerability in multiple products A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. | 6.8 |
| 2018-06-11 | CVE-2016-9904 | Information Exposure vulnerability in multiple products An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. | 5.0 |
| 2018-06-11 | CVE-2016-9902 | Origin Validation Error vulnerability in multiple products The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. | 5.0 |
| 2018-06-11 | CVE-2016-9901 | Improper Input Validation vulnerability in multiple products HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. | 7.5 |
| 2018-06-11 | CVE-2016-9900 | 7PK - Security Features vulnerability in multiple products External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. | 5.0 |