Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5419 | Unspecified vulnerability in Mozilla Thunderbird If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. | 7.5 |
| 2018-06-11 | CVE-2017-5416 | NULL Pointer Dereference vulnerability in Mozilla Thunderbird In certain circumstances a networking event listener can be prematurely released. | 7.5 |
| 2018-06-11 | CVE-2017-5412 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox A buffer overflow read during SVG filter color value operations, resulting in data exposure. | 7.5 |
| 2018-06-11 | CVE-2017-5411 | Use After Free vulnerability in Mozilla Firefox A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. | 7.5 |
| 2018-06-11 | CVE-2017-5406 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Thunderbird A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. | 7.5 |
| 2018-06-11 | CVE-2017-5394 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. | 8.8 |
| 2018-06-11 | CVE-2017-5388 | Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Firefox A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. | 7.5 |
| 2018-06-11 | CVE-2017-5386 | WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. | 7.3 |
| 2018-06-11 | CVE-2017-5385 | Information Exposure vulnerability in Mozilla Firefox Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. | 7.5 |
| 2018-06-11 | CVE-2017-5382 | Information Exposure vulnerability in Mozilla Firefox Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. | 7.5 |