Vulnerabilities > Mozilla > Firefox ESR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. | 7.5 |
| 2018-06-11 | CVE-2017-5373 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. | 7.5 |
| 2018-06-11 | CVE-2016-9901 | Improper Input Validation vulnerability in multiple products HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. | 7.5 |
| 2018-06-11 | CVE-2016-9899 | Use After Free vulnerability in multiple products Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. | 7.5 |
| 2018-06-11 | CVE-2016-9898 | Use After Free vulnerability in multiple products Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. | 7.5 |
| 2018-06-11 | CVE-2016-9893 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Thunderbird 45.5. | 7.5 |
| 2018-06-11 | CVE-2016-5297 | Integer Overflow or Wraparound vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. | 7.5 |
| 2018-06-11 | CVE-2016-5290 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. | 7.5 |
| 2016-09-22 | CVE-2016-5281 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document. | 7.5 |
| 2016-09-22 | CVE-2016-5280 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text. | 7.5 |