Vulnerabilities > Mozilla > Firefox ESR > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5446 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. | 9.8 |
| 2018-06-11 | CVE-2017-5447 | Use After Free vulnerability in multiple products An out-of-bounds read during the processing of glyph widths during text layout. | 9.1 |
| 2018-06-11 | CVE-2017-5456 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. | 9.8 |
| 2018-06-11 | CVE-2017-5459 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. | 9.8 |
| 2018-06-11 | CVE-2017-5460 | Use After Free vulnerability in multiple products A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. | 9.8 |
| 2018-06-11 | CVE-2017-5465 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read while processing SVG content in "ConvolvePixel". | 9.1 |
| 2018-06-11 | CVE-2017-5469 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. | 9.8 |
| 2018-06-11 | CVE-2017-5470 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. | 9.8 |
| 2018-06-11 | CVE-2017-5472 | Use After Free vulnerability in multiple products A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. | 9.8 |
| 2018-06-11 | CVE-2017-7749 | Use After Free vulnerability in multiple products A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. | 9.8 |