Vulnerabilities > Canonical > Ubuntu Linux > 18.04

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-12401 Improper Input Validation vulnerability in multiple products
Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string.
network
low complexity
mozilla canonical CWE-20
5.0
2019-02-28 CVE-2018-12399 Improper Authentication vulnerability in multiple products
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol.
4.3
2019-02-28 CVE-2018-12398 By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP).
network
mozilla canonical
4.3
2019-02-28 CVE-2018-12397 Information Exposure vulnerability in Mozilla Firefox and Firefox ESR
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user.
local
low complexity
mozilla redhat debian canonical CWE-200
3.6
2019-02-28 CVE-2018-12396 Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox and Firefox ESR
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events.
4.3
2019-02-28 CVE-2018-12395 Unspecified vulnerability in Mozilla Firefox and Firefox ESR
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting.
network
low complexity
mozilla debian canonical redhat
5.0
2019-02-28 CVE-2018-12393 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion.
network
low complexity
mozilla debian canonical redhat CWE-190
5.0
2019-02-28 CVE-2018-12392 Unspecified vulnerability in Mozilla Firefox and Firefox ESR
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.
network
low complexity
mozilla debian canonical redhat
7.5
2019-02-28 CVE-2018-12390 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
7.5
2019-02-28 CVE-2018-12389 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2.
6.8