Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5140 | Information Exposure vulnerability in multiple products Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. | 5.3 |
| 2018-06-11 | CVE-2018-5133 | Information Exposure vulnerability in multiple products If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. | 6.5 |
| 2018-06-11 | CVE-2018-5132 | Information Exposure vulnerability in multiple products The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. | 6.5 |
| 2018-06-11 | CVE-2018-5131 | Information Exposure vulnerability in multiple products Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. | 5.9 |
| 2018-06-11 | CVE-2018-5119 | Information Exposure vulnerability in multiple products The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. | 5.3 |
| 2018-06-11 | CVE-2018-5118 | Information Exposure vulnerability in multiple products The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. | 5.3 |
| 2018-06-11 | CVE-2018-5117 | If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. | 5.3 |
| 2018-06-11 | CVE-2018-5114 | Information Exposure vulnerability in multiple products If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. | 5.3 |
| 2018-06-11 | CVE-2018-5111 | Improper Input Validation vulnerability in multiple products When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. | 6.5 |
| 2018-06-11 | CVE-2018-5109 | Origin Validation Error vulnerability in multiple products An audio capture session can started under an incorrect origin from the site making the capture request. | 5.3 |