Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2018-5130	Improper Input Validation vulnerability in multiple products When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. network debian redhat canonical mozilla CWE-20	6.8
2018-06-11	CVE-2018-5129	Out-of-bounds Write vulnerability in multiple products A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. network low complexity debian mozilla redhat canonical CWE-787	5.0
2018-06-11	CVE-2018-5127	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. network redhat debian canonical mozilla CWE-119	6.8
2018-06-11	CVE-2018-5125	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. network canonical redhat debian mozilla CWE-119	6.8
2018-06-11	CVE-2018-5119	Information Exposure vulnerability in multiple products The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. network low complexity mozilla canonical CWE-200	5.0
2018-06-11	CVE-2018-5118	Information Exposure vulnerability in multiple products The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. network low complexity mozilla canonical CWE-200	5.0
2018-06-11	CVE-2018-5117	If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. network low complexity debian redhat mozilla canonical	5.0
2018-06-11	CVE-2018-5115	Information Exposure vulnerability in multiple products If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. network low complexity mozilla canonical CWE-200	5.0
2018-06-11	CVE-2018-5114	Information Exposure vulnerability in multiple products If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. network low complexity mozilla canonical CWE-200	5.0
2018-06-11	CVE-2018-5113	Missing Authorization vulnerability in multiple products The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. network low complexity mozilla canonical CWE-862	5.0