Vulnerabilities > Mozilla > Firefox ESR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5144 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. | 7.3 |
| 2018-06-11 | CVE-2018-5130 | Improper Input Validation vulnerability in multiple products When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. | 8.8 |
| 2018-06-11 | CVE-2018-5129 | Out-of-bounds Write vulnerability in multiple products A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. | 8.6 |
| 2018-06-11 | CVE-2018-5127 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. | 8.8 |
| 2018-06-11 | CVE-2018-5125 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. | 8.8 |
| 2018-06-11 | CVE-2017-7845 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. | 8.8 |
| 2018-06-11 | CVE-2017-7843 | Information Exposure vulnerability in multiple products When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. | 7.5 |
| 2018-06-11 | CVE-2017-7814 | Improper Input Validation vulnerability in multiple products File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. | 7.8 |
| 2018-06-11 | CVE-2017-7807 | Improper Input Validation vulnerability in multiple products A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. | 8.1 |
| 2018-06-11 | CVE-2017-7804 | Improper Input Validation vulnerability in Mozilla Firefox The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. | 7.5 |