Vulnerabilities > Mozilla > Firefox > 3.0.5

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-5378 Information Exposure vulnerability in multiple products
Hashed codes of JavaScript objects are shared between pages.
network
low complexity
debian redhat mozilla CWE-200
5.0
2018-06-11 CVE-2017-5377 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-119
7.5
2018-06-11 CVE-2017-5376 Use After Free vulnerability in multiple products
Use-after-free while manipulating XSL in XSLT documents.
network
low complexity
debian redhat mozilla CWE-416
7.5
2018-06-11 CVE-2017-5375 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
network
low complexity
redhat mozilla debian CWE-119
7.5
2018-06-11 CVE-2017-5374 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Memory safety bugs were reported in Firefox 50.1.
network
low complexity
mozilla CWE-119
7.5
2018-06-11 CVE-2017-5373 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6.
network
low complexity
mozilla debian redhat CWE-119
7.5
2018-06-11 CVE-2016-9904 Information Exposure vulnerability in multiple products
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts.
network
low complexity
redhat debian mozilla CWE-200
5.0
2018-06-11 CVE-2016-9903 Cross-site Scripting vulnerability in Mozilla Firefox
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability.
network
mozilla CWE-79
4.3
2018-06-11 CVE-2016-9902 Origin Validation Error vulnerability in multiple products
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events.
network
low complexity
redhat mozilla CWE-346
5.0
2018-06-11 CVE-2016-9901 Improper Input Validation vulnerability in multiple products
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection.
network
low complexity
redhat mozilla CWE-20
7.5