High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2018-5158	Code Injection vulnerability in multiple products The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. network low complexity debian redhat mozilla canonical CWE-94	8.8
2018-06-11	CVE-2018-5157	Origin Validation Error vulnerability in multiple products Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. network low complexity redhat debian canonical mozilla CWE-346	7.5
2018-06-11	CVE-2018-5153	Out-of-bounds Read vulnerability in multiple products If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. network low complexity mozilla canonical CWE-125	7.5
2018-06-11	CVE-2018-5146	Out-of-bounds Write vulnerability in multiple products An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. network low complexity redhat debian canonical mozilla CWE-787	8.8
2018-06-11	CVE-2018-5144	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. network low complexity redhat debian canonical mozilla CWE-190	7.3
2018-06-11	CVE-2018-5141	Improper Input Validation vulnerability in multiple products A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. network low complexity mozilla canonical CWE-20	8.2
2018-06-11	CVE-2018-5137	Information Exposure vulnerability in multiple products A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. network low complexity mozilla canonical CWE-200	7.5
2018-06-11	CVE-2018-5136	Improper Input Validation vulnerability in multiple products A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. network low complexity canonical mozilla CWE-20	7.5
2018-06-11	CVE-2018-5135	Missing Authorization vulnerability in Mozilla Firefox WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. network low complexity mozilla CWE-862	7.5
2018-06-11	CVE-2018-5134	Information Exposure vulnerability in Mozilla Firefox WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. network low complexity mozilla CWE-200	7.5