Vulnerabilities > Mozilla > Firefox > 37.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5412 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Thunderbird A buffer overflow read during SVG filter color value operations, resulting in data exposure. | 5.0 |
| 2018-06-11 | CVE-2017-5411 | Use After Free vulnerability in Mozilla Firefox and Thunderbird A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. | 5.0 |
| 2018-06-11 | CVE-2017-5410 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. | 7.5 |
| 2018-06-11 | CVE-2017-5409 | Improper Privilege Management vulnerability in Mozilla Firefox and Firefox ESR The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. | 3.6 |
| 2018-06-11 | CVE-2017-5408 | Information Exposure vulnerability in multiple products Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. | 5.0 |
| 2018-06-11 | CVE-2017-5407 | Information Exposure vulnerability in multiple products Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. | 4.3 |
| 2018-06-11 | CVE-2017-5406 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Thunderbird A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. | 5.0 |
| 2018-06-11 | CVE-2017-5405 | DEPRECATED: Use of Uninitialized Resource vulnerability in multiple products Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. | 5.0 |
| 2018-06-11 | CVE-2017-5404 | Use After Free vulnerability in multiple products A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. | 7.5 |
| 2018-06-11 | CVE-2017-5403 | Use After Free vulnerability in Mozilla Firefox and Thunderbird When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. | 7.5 |