Vulnerabilities > Mozilla > Firefox > 0.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5378 | Information Exposure vulnerability in multiple products Hashed codes of JavaScript objects are shared between pages. | 5.0 |
| 2018-06-11 | CVE-2017-5377 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. | 7.5 |
| 2018-06-11 | CVE-2017-5376 | Use After Free vulnerability in multiple products Use-after-free while manipulating XSL in XSLT documents. | 7.5 |
| 2018-06-11 | CVE-2017-5375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. | 7.5 |
| 2018-06-11 | CVE-2017-5374 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Memory safety bugs were reported in Firefox 50.1. | 7.5 |
| 2018-06-11 | CVE-2017-5373 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. | 7.5 |
| 2018-06-11 | CVE-2016-9904 | Information Exposure vulnerability in multiple products An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. | 5.0 |
| 2018-06-11 | CVE-2016-9903 | Cross-site Scripting vulnerability in Mozilla Firefox Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. | 4.3 |
| 2018-06-11 | CVE-2016-9902 | Origin Validation Error vulnerability in multiple products The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. | 5.0 |
| 2018-06-11 | CVE-2016-9901 | Improper Input Validation vulnerability in multiple products HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. | 7.5 |