Vulnerabilities > Canonical > Ubuntu Linux > 18.04

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-18497 Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument.
network
mozilla canonical
4.3
2019-02-28 CVE-2018-18495 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions.
4.3
2019-02-28 CVE-2018-18494 Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries().
4.3
2019-02-28 CVE-2018-18493 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.
network
low complexity
mozilla debian canonical redhat CWE-119
7.5
2019-02-28 CVE-2018-18492 Use After Free vulnerability in Mozilla Firefox and Firefox ESR
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.
network
low complexity
mozilla debian canonical redhat CWE-416
7.5
2019-02-28 CVE-2018-12407 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module.
network
low complexity
mozilla canonical CWE-119
7.5
2019-02-28 CVE-2018-12406 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63.
6.8
2019-02-28 CVE-2018-12405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3.
network
low complexity
mozilla canonical debian redhat CWE-119
7.5
2019-02-28 CVE-2018-12403 If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users.
network
low complexity
mozilla canonical
5.0
2019-02-28 CVE-2018-12402 Origin Validation Error vulnerability in multiple products
The internal WebBrowserPersist code does not use correct origin context for a resource being saved.
4.3