14.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-18	CVE-2018-12372	Information Exposure vulnerability in multiple products Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. network mozilla redhat debian canonical CWE-200	4.3
2018-10-18	CVE-2018-12370	Cross-Site Request Forgery (CSRF) vulnerability in multiple products In Reader View SameSite cookie protections are not checked on exiting. network canonical mozilla CWE-352	6.8
2018-10-18	CVE-2018-12369	Incorrect Authorization vulnerability in Mozilla Firefox and Firefox ESR WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. network low complexity mozilla canonical CWE-863	7.5
2018-10-18	CVE-2018-12367	Improper Input Validation vulnerability in multiple products In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. network debian canonical mozilla CWE-20	4.3
2018-10-18	CVE-2018-12366	Out-of-bounds Read vulnerability in multiple products An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. network low complexity redhat debian canonical mozilla CWE-125	6.5
2018-10-18	CVE-2018-12365	Information Exposure vulnerability in multiple products A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. network low complexity redhat debian canonical mozilla CWE-200	6.5
2018-10-18	CVE-2018-12364	Cross-Site Request Forgery (CSRF) vulnerability in multiple products NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. network low complexity redhat debian canonical mozilla CWE-352	8.8
2018-10-18	CVE-2018-12363	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. network low complexity redhat debian canonical mozilla CWE-416	8.8
2018-10-18	CVE-2018-12362	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. network low complexity redhat debian canonical mozilla CWE-190	8.8
2018-10-18	CVE-2018-12361	Integer Overflow or Wraparound vulnerability in Mozilla Firefox and Firefox ESR An integer overflow can occur in the SwizzleData code while calculating buffer sizes. network mozilla debian canonical CWE-190	6.8