Vulnerabilities > Mozilla > Firefox > 21.0

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2016-9901 Improper Input Validation vulnerability in multiple products
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection.
network
low complexity
redhat mozilla CWE-20
7.5
2018-06-11 CVE-2016-9900 7PK - Security Features vulnerability in multiple products
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs.
network
low complexity
debian redhat mozilla CWE-254
5.0
2018-06-11 CVE-2016-9899 Use After Free vulnerability in multiple products
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.
network
low complexity
debian redhat mozilla CWE-416
critical
9.8
2018-06-11 CVE-2016-9898 Use After Free vulnerability in multiple products
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.
network
low complexity
debian redhat mozilla CWE-416
7.5
2018-06-11 CVE-2016-9897 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.
network
low complexity
redhat debian mozilla CWE-119
5.0
2018-06-11 CVE-2016-9896 Use After Free vulnerability in Mozilla Firefox
Use-after-free while manipulating the "navigator" object within WebVR.
network
mozilla CWE-416
6.8
2018-06-11 CVE-2016-9895 7PK - Security Features vulnerability in multiple products
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.
4.3
2018-06-11 CVE-2016-9894 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation.
network
low complexity
mozilla CWE-119
5.0
2018-06-11 CVE-2016-9893 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Thunderbird 45.5.
network
low complexity
debian redhat mozilla CWE-119
7.5
2018-06-11 CVE-2016-9080 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Memory safety bugs were reported in Firefox 50.0.2.
network
low complexity
mozilla CWE-119
7.5