Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-18	CVE-2018-12373	Information Exposure vulnerability in multiple products dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. network low complexity mozilla redhat debian canonical CWE-200	6.5
2018-10-18	CVE-2018-12372	Information Exposure vulnerability in multiple products Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. network low complexity mozilla redhat debian canonical CWE-200	6.5
2018-10-18	CVE-2018-12367	Improper Input Validation vulnerability in multiple products In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. network low complexity debian canonical mozilla CWE-20	4.3
2018-10-18	CVE-2018-12366	Out-of-bounds Read vulnerability in multiple products An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. network low complexity redhat debian canonical mozilla CWE-125	6.5
2018-10-18	CVE-2018-12365	Information Exposure vulnerability in multiple products A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. network low complexity redhat debian canonical mozilla CWE-200	6.5
2018-06-11	CVE-2018-5185	Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form. network low complexity redhat debian canonical mozilla CWE-311	6.5
2018-06-11	CVE-2018-5170	Improper Input Validation vulnerability in multiple products It is possible to spoof the filename of an attachment and display an arbitrary attachment name. network low complexity redhat mozilla debian canonical CWE-20	4.3
2018-06-11	CVE-2018-5168	Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. network low complexity debian mozilla canonical redhat	5.3
2018-06-11	CVE-2018-5161	Improper Input Validation vulnerability in multiple products Crafted message headers can cause a Thunderbird process to hang on receiving the message. network low complexity redhat debian canonical mozilla CWE-20	4.3
2018-06-11	CVE-2018-5117	If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. network low complexity debian redhat mozilla canonical	5.3