Vulnerabilities > Mozilla > Firefox ESR
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2016-9893 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Thunderbird 45.5. | 9.8 |
| 2018-06-11 | CVE-2016-9079 | Use After Free vulnerability in multiple products A use-after-free vulnerability in SVG Animation has been discovered. | 7.5 |
| 2018-06-11 | CVE-2016-9074 | Information Exposure vulnerability in multiple products An existing mitigation of timing side-channel attacks is insufficient in some circumstances. | 5.9 |
| 2018-06-11 | CVE-2016-9066 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. | 7.5 |
| 2018-06-11 | CVE-2016-9064 | Improper Certificate Validation vulnerability in Mozilla Firefox Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. | 5.9 |
| 2018-06-11 | CVE-2016-5297 | Integer Overflow or Wraparound vulnerability in multiple products An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. | 9.8 |
| 2018-06-11 | CVE-2016-5296 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. | 7.5 |
| 2018-06-11 | CVE-2016-5294 | Improper Input Validation vulnerability in Mozilla Firefox The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. | 5.5 |
| 2018-06-11 | CVE-2016-5293 | Improper Input Validation vulnerability in multiple products When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. | 5.5 |
| 2018-06-11 | CVE-2016-5291 | Improper Input Validation vulnerability in multiple products A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. | 5.5 |