Vulnerabilities > Mozilla > Thunderbird > 52.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7803 | Improper Privilege Management vulnerability in multiple products When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. | 5.0 |
| 2018-06-11 | CVE-2017-7802 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. | 7.5 |
| 2018-06-11 | CVE-2017-7801 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. | 7.5 |
| 2018-06-11 | CVE-2017-7800 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. | 7.5 |
| 2018-06-11 | CVE-2017-7793 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. | 7.5 |
| 2018-06-11 | CVE-2017-7792 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). | 7.5 |
| 2018-06-11 | CVE-2017-7791 | Improper Input Validation vulnerability in multiple products On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. | 5.0 |
| 2018-06-11 | CVE-2017-7787 | Information Exposure vulnerability in multiple products Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. | 5.0 |
| 2018-06-11 | CVE-2017-7786 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. | 7.5 |
| 2018-06-11 | CVE-2017-7785 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. | 7.5 |