Vulnerabilities > Mozilla > Firefox ESR > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2016-5297 | Integer Overflow or Wraparound vulnerability in multiple products An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. | 9.8 |
| 2018-06-11 | CVE-2016-9893 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Thunderbird 45.5. | 9.8 |
| 2018-06-11 | CVE-2016-9898 | Use After Free vulnerability in multiple products Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. | 9.8 |
| 2018-06-11 | CVE-2016-9899 | Use After Free vulnerability in multiple products Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. | 9.8 |
| 2018-06-11 | CVE-2016-9901 | Improper Input Validation vulnerability in multiple products HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. | 9.8 |
| 2018-06-11 | CVE-2017-5373 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. | 9.8 |
| 2018-06-11 | CVE-2017-5375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. | 9.8 |
| 2018-06-11 | CVE-2017-5376 | Use After Free vulnerability in multiple products Use-after-free while manipulating XSL in XSLT documents. | 9.8 |
| 2018-06-11 | CVE-2017-5380 | Use After Free vulnerability in multiple products A potential use-after-free found through fuzzing during DOM manipulation of SVG content. | 9.8 |
| 2018-06-11 | CVE-2017-5390 | The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. | 9.8 |