Vulnerabilities > Canonical > Ubuntu Linux > 14.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5151 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 59. | 10.0 |
| 2018-06-11 | CVE-2018-5150 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. | 7.5 |
| 2018-06-11 | CVE-2018-5148 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. | 7.5 |
| 2018-06-11 | CVE-2018-5146 | Out-of-bounds Write vulnerability in multiple products An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. | 6.8 |
| 2018-06-11 | CVE-2018-5145 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox ESR 52.6. | 7.5 |
| 2018-06-11 | CVE-2018-5144 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. | 7.5 |
| 2018-06-11 | CVE-2018-5143 | Cross-site Scripting vulnerability in multiple products URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. | 4.3 |
| 2018-06-11 | CVE-2018-5142 | If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. | 5.0 |
| 2018-06-11 | CVE-2018-5141 | Improper Input Validation vulnerability in multiple products A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. | 6.4 |
| 2018-06-11 | CVE-2018-5140 | Information Exposure vulnerability in multiple products Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. | 5.0 |