Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5168 Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element.
network
low complexity
debian mozilla canonical redhat
5.3
2018-06-11 CVE-2018-5167 Improper Input Validation vulnerability in multiple products
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked.
network
low complexity
canonical mozilla CWE-20
4.3
2018-06-11 CVE-2018-5166 Improper Privilege Management vulnerability in multiple products
WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission.
network
low complexity
canonical mozilla CWE-269
7.5
2018-06-11 CVE-2018-5164 Cross-site Scripting vulnerability in multiple products
Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type.
network
low complexity
mozilla canonical CWE-79
6.1
2018-06-11 CVE-2018-5163 Improper Preservation of Permissions vulnerability in multiple products
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code.
network
high complexity
canonical mozilla CWE-281
8.1
2018-06-11 CVE-2018-5162 Missing Encryption of Sensitive Data vulnerability in multiple products
Plaintext of decrypted emails can leak through the src attribute of remote images, or links.
network
low complexity
redhat debian canonical mozilla CWE-311
7.5
2018-06-11 CVE-2018-5161 Improper Input Validation vulnerability in multiple products
Crafted message headers can cause a Thunderbird process to hang on receiving the message.
network
low complexity
redhat debian canonical mozilla CWE-20
4.3
2018-06-11 CVE-2018-5160 Use of Uninitialized Resource vulnerability in multiple products
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use.
network
low complexity
canonical mozilla CWE-908
7.5
2018-06-11 CVE-2018-5159 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes.
network
low complexity
debian redhat mozilla canonical CWE-190
critical
9.8
2018-06-11 CVE-2018-5158 Code Injection vulnerability in multiple products
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file.
network
low complexity
debian redhat mozilla canonical CWE-94
8.8