High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2018-5130	Improper Input Validation vulnerability in multiple products When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. network low complexity debian redhat canonical mozilla CWE-20	8.8
2018-06-11	CVE-2018-5129	Out-of-bounds Write vulnerability in multiple products A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. network low complexity debian mozilla redhat canonical CWE-787	8.6
2018-06-11	CVE-2018-5127	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. network low complexity redhat debian canonical mozilla CWE-119	8.8
2018-06-11	CVE-2018-5125	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. network low complexity canonical redhat debian mozilla CWE-119	8.8
2018-06-11	CVE-2018-5115	Information Exposure vulnerability in multiple products If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. network low complexity mozilla canonical CWE-200	7.5
2018-06-11	CVE-2018-5113	Missing Authorization vulnerability in multiple products The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. network low complexity mozilla canonical CWE-862	7.5
2018-06-11	CVE-2018-5112	Files or Directories Accessible to External Parties vulnerability in multiple products Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. network low complexity mozilla canonical CWE-552	7.5
2018-06-11	CVE-2018-5105	WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. local low complexity mozilla canonical	7.8
2018-06-11	CVE-2018-5101	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. network low complexity mozilla canonical CWE-416	7.5
2018-06-11	CVE-2018-5100	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. network low complexity mozilla canonical CWE-416	7.5