Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-28	CVE-2018-18497	Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. network low complexity mozilla canonical	6.5
2019-02-28	CVE-2018-18495	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. network low complexity mozilla canonical CWE-732	6.5
2019-02-28	CVE-2018-18494	Origin Validation Error vulnerability in multiple products A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). network low complexity mozilla debian canonical redhat CWE-346	6.5
2019-02-28	CVE-2018-12403	If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. network low complexity mozilla canonical	5.3
2019-02-28	CVE-2018-12402	Origin Validation Error vulnerability in multiple products The internal WebBrowserPersist code does not use correct origin context for a resource being saved. network low complexity mozilla canonical CWE-346	6.5
2019-02-28	CVE-2018-12399	Improper Authentication vulnerability in multiple products When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. network low complexity mozilla canonical CWE-287	4.3
2019-02-28	CVE-2018-12398	By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). network low complexity mozilla canonical	6.5
2019-02-28	CVE-2018-12396	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. network low complexity mozilla debian canonical redhat CWE-732	6.5
2019-02-28	CVE-2019-9209	Off-by-one Error vulnerability in multiple products In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. local low complexity wireshark debian canonical opensuse CWE-193	5.5
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9