Vulnerabilities > Mozilla > Firefox > 37.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5402 | Use After Free vulnerability in multiple products A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. | 7.5 |
| 2018-06-11 | CVE-2017-5401 | 7PK - Errors vulnerability in multiple products A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. | 7.5 |
| 2018-06-11 | CVE-2017-5400 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. | 7.5 |
| 2018-06-11 | CVE-2017-5399 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Thunderbird Memory safety bugs were reported in Firefox 51. | 10.0 |
| 2018-06-11 | CVE-2017-5398 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Thunderbird 45.7. | 10.0 |
| 2018-06-11 | CVE-2017-5397 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox The cache directory on the local file system is set to be world writable. | 10.0 |
| 2018-06-11 | CVE-2017-5396 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. | 7.5 |
| 2018-06-11 | CVE-2017-5395 | Improper Input Validation vulnerability in Mozilla Firefox Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. | 4.3 |
| 2018-06-11 | CVE-2017-5394 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. | 6.8 |
| 2018-06-11 | CVE-2017-5393 | Cross-site Scripting vulnerability in Mozilla Firefox The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. | 4.3 |