Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2018-5185	Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form. network low complexity redhat debian canonical mozilla CWE-311	6.5
2018-06-11	CVE-2018-5170	Improper Input Validation vulnerability in multiple products It is possible to spoof the filename of an attachment and display an arbitrary attachment name. network low complexity redhat mozilla debian canonical CWE-20	4.3
2018-06-11	CVE-2018-5168	Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. network low complexity debian mozilla canonical redhat	5.3
2018-06-11	CVE-2018-5161	Improper Input Validation vulnerability in multiple products Crafted message headers can cause a Thunderbird process to hang on receiving the message. network low complexity redhat debian canonical mozilla CWE-20	4.3
2013-05-16	CVE-2013-1675	Improper Initialization vulnerability in multiple products Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. network low complexity mozilla canonical debian redhat opensuse CWE-665	6.5
2013-03-15	CVE-2013-2566	Inadequate Encryption Strength vulnerability in multiple products The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. network high complexity oracle fujitsu canonical mozilla CWE-326	5.9