Vulnerabilities > Canonical > Ubuntu Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-28 | CVE-2018-12403 | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. | 5.0 |
| 2019-02-28 | CVE-2018-12402 | Origin Validation Error vulnerability in multiple products The internal WebBrowserPersist code does not use correct origin context for a resource being saved. | 4.3 |
| 2019-02-28 | CVE-2018-12401 | Improper Input Validation vulnerability in multiple products Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. | 5.0 |
| 2019-02-28 | CVE-2018-12399 | Improper Authentication vulnerability in multiple products When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. | 4.3 |
| 2019-02-28 | CVE-2018-12398 | By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). | 4.3 |
| 2019-02-28 | CVE-2018-12396 | Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox and Firefox ESR A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. | 4.3 |
| 2019-02-28 | CVE-2018-12395 | Unspecified vulnerability in Mozilla Firefox and Firefox ESR By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. | 5.0 |
| 2019-02-28 | CVE-2018-12393 | Integer Overflow or Wraparound vulnerability in multiple products A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. | 5.0 |
| 2019-02-28 | CVE-2018-12389 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. | 6.8 |
| 2019-02-28 | CVE-2018-12388 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 62. | 6.8 |