Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2016-9895	7PK - Security Features vulnerability in multiple products Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. network low complexity debian redhat mozilla CWE-254	6.1
2018-06-11	CVE-2016-9074	Information Exposure vulnerability in multiple products An existing mitigation of timing side-channel attacks is insufficient in some circumstances. network high complexity mozilla debian CWE-200	5.9
2018-06-11	CVE-2016-5294	Improper Input Validation vulnerability in Mozilla Firefox The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. local low complexity mozilla CWE-20	5.5
2018-06-11	CVE-2016-5291	Improper Input Validation vulnerability in multiple products A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. local low complexity mozilla debian CWE-20	5.5
2018-05-16	CVE-2017-17689	The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde google 9folders flipdogsolutions r2mail2 apple bloop freron kde gnome mozilla ibm emclient postbox-inc ritlabs	5.9
2018-05-16	CVE-2017-17688	The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde flipdogsolutions r2mail2 apple bloop freron mozilla emclient postbox-inc roundcube	5.9
2016-03-13	CVE-2016-1957	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. network low complexity novell opensuse mozilla oracle CWE-119	4.3
2016-02-13	CVE-2016-1523	The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. network low complexity fedoraproject mozilla sil debian	6.5
2014-04-30	CVE-2014-1530	Cross-site Scripting vulnerability in multiple products The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation. network low complexity mozilla fedoraproject canonical debian redhat opensuse suse CWE-79	6.1
2014-04-30	CVE-2014-1523	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. network low complexity mozilla fedoraproject debian canonical redhat opensuse suse CWE-787	6.5