Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2017-5408	Information Exposure vulnerability in multiple products Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. network low complexity debian redhat mozilla CWE-200	5.3
2018-06-11	CVE-2017-5407	Information Exposure vulnerability in multiple products Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. network low complexity debian redhat mozilla CWE-200	6.5
2018-06-11	CVE-2017-5405	DEPRECATED: Use of Uninitialized Resource vulnerability in multiple products Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. network low complexity debian redhat mozilla CWE-1187	5.3
2018-06-11	CVE-2017-5383	Improper Input Validation vulnerability in multiple products URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. network low complexity debian redhat mozilla CWE-20	5.3
2018-06-11	CVE-2016-9895	7PK - Security Features vulnerability in multiple products Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. network low complexity debian redhat mozilla CWE-254	6.1
2018-06-11	CVE-2016-9074	Information Exposure vulnerability in multiple products An existing mitigation of timing side-channel attacks is insufficient in some circumstances. network high complexity mozilla debian CWE-200	5.9
2018-06-11	CVE-2016-5294	Improper Input Validation vulnerability in Mozilla Firefox The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. local low complexity mozilla CWE-20	5.5
2018-06-11	CVE-2016-5291	Improper Input Validation vulnerability in multiple products A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. local low complexity mozilla debian CWE-20	5.5
2018-05-16	CVE-2017-17689	The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde google 9folders flipdogsolutions r2mail2 apple bloop freron kde gnome mozilla ibm emclient postbox-inc ritlabs	5.9
2018-05-16	CVE-2017-17688	The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde flipdogsolutions r2mail2 apple bloop freron mozilla emclient postbox-inc roundcube	5.9