Vulnerabilities > Mozilla > Firefox ESR > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5157 Origin Validation Error vulnerability in multiple products
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer.
network
low complexity
redhat debian canonical mozilla CWE-346
7.5
2018-06-11 CVE-2018-5146 Out-of-bounds Write vulnerability in multiple products
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.
network
low complexity
redhat debian canonical mozilla CWE-787
8.8
2018-06-11 CVE-2018-5144 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter.
network
low complexity
redhat debian canonical mozilla CWE-190
7.3
2018-06-11 CVE-2018-5130 Improper Input Validation vulnerability in multiple products
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.
network
low complexity
debian redhat canonical mozilla CWE-20
8.8
2018-06-11 CVE-2018-5129 Out-of-bounds Write vulnerability in multiple products
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages.
network
low complexity
debian mozilla redhat canonical CWE-787
8.6
2018-06-11 CVE-2018-5127 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script.
network
low complexity
redhat debian canonical mozilla CWE-119
8.8
2018-06-11 CVE-2018-5125 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6.
network
low complexity
canonical redhat debian mozilla CWE-119
8.8
2018-06-11 CVE-2017-7845 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content.
network
low complexity
mozilla CWE-119
8.8
2018-06-11 CVE-2017-7843 Information Exposure vulnerability in multiple products
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely.
network
low complexity
debian mozilla redhat CWE-200
7.5
2018-06-11 CVE-2017-7814 Improper Input Validation vulnerability in multiple products
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files.
local
low complexity
redhat mozilla debian CWE-20
7.8