Vulnerabilities > Mozilla > Thunderbird > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-5419 | Unspecified vulnerability in Mozilla Thunderbird If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. | 7.5 |
| 2018-06-11 | CVE-2017-5416 | NULL Pointer Dereference vulnerability in Mozilla Thunderbird In certain circumstances a networking event listener can be prematurely released. | 7.5 |
| 2018-06-11 | CVE-2017-5412 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox A buffer overflow read during SVG filter color value operations, resulting in data exposure. | 7.5 |
| 2018-06-11 | CVE-2017-5411 | Use After Free vulnerability in Mozilla Firefox A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. | 7.5 |
| 2018-06-11 | CVE-2017-5406 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Thunderbird A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. | 7.5 |
| 2018-06-11 | CVE-2017-5378 | Information Exposure vulnerability in multiple products Hashed codes of JavaScript objects are shared between pages. | 7.5 |
| 2018-06-11 | CVE-2016-9905 | Improper Access Control vulnerability in multiple products A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. | 8.8 |
| 2018-06-11 | CVE-2016-9904 | Information Exposure vulnerability in multiple products An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. | 7.5 |
| 2018-06-11 | CVE-2016-9900 | 7PK - Security Features vulnerability in multiple products External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. | 7.5 |
| 2018-06-11 | CVE-2016-9897 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. | 7.5 |