Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2017-7798 | Code Injection vulnerability in multiple products The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. | 8.8 |
| 2018-06-11 | CVE-2017-7787 | Information Exposure vulnerability in multiple products Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. | 7.5 |
| 2018-06-11 | CVE-2017-7754 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. | 7.5 |
| 2018-06-11 | CVE-2017-7752 | Use After Free vulnerability in multiple products A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. | 8.8 |
| 2018-06-11 | CVE-2017-5448 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. | 8.6 |
| 2018-06-11 | CVE-2017-5445 | Improper Validation of Array Index vulnerability in multiple products A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. | 7.5 |
| 2018-06-11 | CVE-2017-5444 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. | 7.5 |
| 2018-06-11 | CVE-2017-5436 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. | 8.8 |
| 2018-06-11 | CVE-2017-5386 | WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. | 7.3 |
| 2018-06-11 | CVE-2017-5378 | Information Exposure vulnerability in multiple products Hashed codes of JavaScript objects are shared between pages. | 7.5 |