Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2018-5178	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. network debian mozilla canonical redhat CWE-119	6.8
2018-06-11	CVE-2018-5177	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. network low complexity canonical mozilla CWE-119	5.0
2018-06-11	CVE-2018-5176	Improper Input Validation vulnerability in multiple products The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. network canonical mozilla CWE-20	4.3
2018-06-11	CVE-2018-5175	Cross-site Scripting vulnerability in multiple products A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". network canonical mozilla CWE-79	4.3
2018-06-11	CVE-2018-5173	Improper Input Validation vulnerability in multiple products The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. network low complexity canonical mozilla CWE-20	5.0
2018-06-11	CVE-2018-5172	Cross-site Scripting vulnerability in multiple products The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. network canonical mozilla CWE-79	4.3
2018-06-11	CVE-2018-5170	Improper Input Validation vulnerability in multiple products It is possible to spoof the filename of an attachment and display an arbitrary attachment name. network redhat mozilla debian canonical CWE-20	4.3
2018-06-11	CVE-2018-5169	Improper Input Validation vulnerability in multiple products If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. network canonical mozilla CWE-20	4.3
2018-06-11	CVE-2018-5168	Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. network low complexity debian mozilla canonical redhat	5.0
2018-06-11	CVE-2018-5167	Improper Input Validation vulnerability in multiple products The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. network canonical mozilla CWE-20	4.3