Vulnerabilities > Mozilla > Firefox > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7778 | Out-of-bounds Write vulnerability in multiple products A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. | 9.8 |
| 2018-06-11 | CVE-2017-7779 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. | 9.8 |
| 2018-06-11 | CVE-2017-7780 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Memory safety bugs were reported in Firefox 54. | 9.8 |
| 2018-06-11 | CVE-2017-7784 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. | 9.8 |
| 2018-06-11 | CVE-2017-7785 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. | 9.8 |
| 2018-06-11 | CVE-2017-7786 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. | 9.8 |
| 2018-06-11 | CVE-2017-7788 | Injection vulnerability in Mozilla Firefox When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". | 9.8 |
| 2018-06-11 | CVE-2017-7792 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). | 9.8 |
| 2018-06-11 | CVE-2017-7793 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. | 9.8 |
| 2018-06-11 | CVE-2017-7800 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. | 9.8 |