Vulnerabilities > Mozilla > Thunderbird > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-5435 Use After Free vulnerability in multiple products
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions.
network
low complexity
debian redhat mozilla CWE-416
critical
 9.8
9.8
2018-06-11 CVE-2017-5438 Use After Free vulnerability in multiple products
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling.
network
low complexity
debian redhat mozilla CWE-416
critical
 9.8
9.8
2018-06-11 CVE-2017-5439 Use After Free vulnerability in multiple products
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters.
network
low complexity
debian redhat mozilla CWE-416
critical
 9.8
9.8
2018-06-11 CVE-2017-5440 Use After Free vulnerability in multiple products
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist.
network
low complexity
debian redhat mozilla CWE-416
critical
 9.8
9.8
2018-06-11 CVE-2017-5441 Use After Free vulnerability in multiple products
A use-after-free vulnerability when holding a selection during scroll events.
network
low complexity
debian redhat mozilla CWE-416
critical
 9.8
9.8
2018-06-11 CVE-2017-5442 Use After Free vulnerability in multiple products
A use-after-free vulnerability during changes in style when manipulating DOM elements.
network
low complexity
debian redhat mozilla CWE-416
critical
 9.8
9.8
2018-06-11 CVE-2017-5443 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.
network
low complexity
debian redhat mozilla CWE-787
critical
 9.8
9.8
2018-06-11 CVE-2017-5446 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content.
network
low complexity
debian redhat mozilla CWE-125
critical
 9.8
9.8
2018-06-11 CVE-2017-5447 Use After Free vulnerability in multiple products
An out-of-bounds read during the processing of glyph widths during text layout.
network
low complexity
debian redhat mozilla CWE-416
critical
 9.1
9.1
2018-06-11 CVE-2017-5459 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.
network
low complexity
redhat debian mozilla CWE-119
critical
 9.8
9.8