Vulnerabilities > Mozilla > Firefox > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5391 | Unspecified vulnerability in Mozilla Firefox Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. | 9.8 |
| 2018-06-11 | CVE-2017-5392 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. | 9.8 |
| 2018-06-11 | CVE-2017-5396 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. | 9.8 |
| 2018-06-11 | CVE-2017-5397 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox The cache directory on the local file system is set to be world writable. | 9.8 |
| 2018-06-11 | CVE-2017-5398 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Thunderbird 45.7. | 9.8 |
| 2018-06-11 | CVE-2017-5399 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Memory safety bugs were reported in Firefox 51. | 9.8 |
| 2018-06-11 | CVE-2017-5400 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. | 9.8 |
| 2018-06-11 | CVE-2017-5401 | 7PK - Errors vulnerability in multiple products A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. | 9.8 |
| 2018-06-11 | CVE-2017-5402 | Use After Free vulnerability in multiple products A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. | 9.8 |
| 2018-06-11 | CVE-2017-5403 | Use After Free vulnerability in Mozilla Thunderbird When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. | 9.8 |