| Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-9064 | 4.3 |
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate
|
01-08-2018 - 14:56 | 11-06-2018 - 21:29 | |
| CVE-2016-9066 | 5.0 |
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
|
30-07-2018 - 13:22 | 11-06-2018 - 21:29 | |
| CVE-2016-5297 | 7.5 |
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
|
30-07-2018 - 12:53 | 11-06-2018 - 21:29 | |
| CVE-2016-5294 | 2.1 |
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnera
|
30-07-2018 - 12:45 | 11-06-2018 - 21:29 | |
| CVE-2016-5293 | 2.1 |
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operatin
|
30-07-2018 - 12:44 | 11-06-2018 - 21:29 | |
| CVE-2016-5291 | 4.9 |
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
|
30-07-2018 - 12:40 | 11-06-2018 - 21:29 |