Vulnerabilities > Mozilla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5412 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox A buffer overflow read during SVG filter color value operations, resulting in data exposure. | 7.5 |
| 2018-06-11 | CVE-2017-5411 | Use After Free vulnerability in Mozilla Firefox A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. | 7.5 |
| 2018-06-11 | CVE-2017-5406 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Thunderbird A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. | 7.5 |
| 2018-06-11 | CVE-2017-5394 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. | 8.8 |
| 2018-06-11 | CVE-2017-5388 | Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Firefox A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. | 7.5 |
| 2018-06-11 | CVE-2017-5386 | WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. | 7.3 |
| 2018-06-11 | CVE-2017-5385 | Information Exposure vulnerability in Mozilla Firefox Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. | 7.5 |
| 2018-06-11 | CVE-2017-5382 | Information Exposure vulnerability in Mozilla Firefox Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. | 7.5 |
| 2018-06-11 | CVE-2017-5381 | Path Traversal vulnerability in Mozilla Firefox The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. | 7.5 |
| 2018-06-11 | CVE-2017-5379 | Use After Free vulnerability in Mozilla Firefox Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. | 7.5 |