Vulnerabilities > Mozilla > Firefox > 49.0.2

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-5380 Use After Free vulnerability in multiple products
A potential use-after-free found through fuzzing during DOM manipulation of SVG content.
network
low complexity
debian redhat mozilla CWE-416
7.5
7.5
2018-06-11 CVE-2017-5379 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing.
network
low complexity
mozilla CWE-416
5.0
5.0
2018-06-11 CVE-2017-5378 Information Exposure vulnerability in multiple products
Hashed codes of JavaScript objects are shared between pages.
network
low complexity
debian redhat mozilla CWE-200
5.0
5.0
2018-06-11 CVE-2017-5377 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-119
7.5
7.5
2018-06-11 CVE-2017-5376 Use After Free vulnerability in multiple products
Use-after-free while manipulating XSL in XSLT documents.
network
low complexity
debian redhat mozilla CWE-416
7.5
7.5
2018-06-11 CVE-2017-5375 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
network
low complexity
redhat mozilla debian CWE-119
7.5
7.5
2018-06-11 CVE-2017-5374 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Memory safety bugs were reported in Firefox 50.1.
network
low complexity
mozilla CWE-119
7.5
7.5
2018-06-11 CVE-2017-5373 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6.
network
low complexity
mozilla debian redhat CWE-119
7.5
7.5
2018-06-11 CVE-2016-9904 Information Exposure vulnerability in multiple products
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts.
network
low complexity
redhat debian mozilla CWE-200
5.0
5.0
2018-06-11 CVE-2016-9903 Cross-site Scripting vulnerability in Mozilla Firefox
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability.
network
mozilla CWE-79
4.3
4.3