Vulnerabilities > Mozilla > Thunderbird > 52.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5436 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. | 6.8 |
| 2018-06-11 | CVE-2017-5435 | Use After Free vulnerability in multiple products A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. | 7.5 |
| 2018-06-11 | CVE-2017-5434 | Use After Free vulnerability in multiple products A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. | 7.5 |
| 2018-06-11 | CVE-2017-5433 | Use After Free vulnerability in multiple products A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. | 7.5 |
| 2018-06-11 | CVE-2017-5432 | Use After Free vulnerability in multiple products A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. | 7.5 |
| 2018-06-11 | CVE-2017-5430 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. | 7.5 |
| 2018-06-11 | CVE-2017-5429 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. | 7.5 |
| 2018-06-11 | CVE-2017-5421 | Improper Input Validation vulnerability in Mozilla Firefox and Thunderbird A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. | 5.0 |
| 2018-06-11 | CVE-2016-9899 | Use After Free vulnerability in multiple products Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. | 7.5 |
| 2017-03-15 | CVE-2016-10196 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | 5.0 |