Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-5421 Improper Input Validation vulnerability in Mozilla Thunderbird
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2017-5419 Unspecified vulnerability in Mozilla Thunderbird
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system.
network
low complexity
mozilla
7.5
2018-06-11 CVE-2017-5416 NULL Pointer Dereference vulnerability in Mozilla Thunderbird
In certain circumstances a networking event listener can be prematurely released.
network
low complexity
mozilla CWE-476
7.5
2018-06-11 CVE-2017-5412 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A buffer overflow read during SVG filter color value operations, resulting in data exposure.
network
low complexity
mozilla CWE-119
7.5
2018-06-11 CVE-2017-5411 Use After Free vulnerability in Mozilla Firefox
A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content.
network
low complexity
mozilla CWE-416
7.5
2018-06-11 CVE-2017-5406 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Thunderbird
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.
network
low complexity
mozilla CWE-119
7.5
2018-06-11 CVE-2017-5394 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox
A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode.
network
low complexity
mozilla CWE-352
8.8
2018-06-11 CVE-2017-5388 Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Firefox
A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack.
network
low complexity
mozilla CWE-770
7.5
2018-06-11 CVE-2017-5386 WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.
network
low complexity
debian redhat mozilla
7.3
2018-06-11 CVE-2017-5385 Information Exposure vulnerability in Mozilla Firefox
Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.
network
low complexity
mozilla CWE-200
7.5