Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2016-5293	Improper Input Validation vulnerability in multiple products When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. local low complexity mozilla debian CWE-20	5.5
2018-06-11	CVE-2016-5292	Improper Input Validation vulnerability in Mozilla Firefox During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. network low complexity mozilla CWE-20	6.5
2018-06-11	CVE-2016-5291	Improper Input Validation vulnerability in multiple products A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. local low complexity mozilla debian CWE-20	5.5
2018-06-11	CVE-2016-5288	Information Exposure vulnerability in Mozilla Firefox Web content could access information in the HTTP cache if e10s is disabled. network high complexity mozilla CWE-200	5.9
2018-05-31	CVE-2016-10547	Cross-site Scripting vulnerability in Mozilla Nunjucks Nunjucks is a full featured templating engine for JavaScript. network low complexity mozilla CWE-79	6.1
2018-05-16	CVE-2017-17689	The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde google 9folders flipdogsolutions r2mail2 apple bloop freron kde gnome mozilla ibm emclient postbox-inc ritlabs	5.9
2018-05-16	CVE-2017-17688	The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde flipdogsolutions r2mail2 apple bloop freron mozilla emclient postbox-inc roundcube	5.9
2018-05-04	CVE-2018-10229	Information Exposure vulnerability in multiple products A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. network high complexity google mozilla lg CWE-200	4.8
2017-04-12	CVE-2016-2803	Cross-site Scripting vulnerability in Mozilla Bugzilla Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. network low complexity mozilla CWE-79	6.1
2016-09-22	CVE-2016-5282	Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource. network low complexity mozilla CWE-200	6.5