Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-28	CVE-2018-18494	Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). network mozilla debian canonical redhat CWE-346	4.3
2019-02-28	CVE-2018-12396	Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox and Firefox ESR A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. network mozilla debian canonical redhat CWE-732	4.3
2019-02-28	CVE-2018-12395	Unspecified vulnerability in Mozilla Firefox and Firefox ESR By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. network low complexity mozilla debian canonical redhat	5.0
2019-02-28	CVE-2018-12393	Integer Overflow or Wraparound vulnerability in multiple products A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. network low complexity mozilla debian canonical redhat CWE-190	5.0
2019-02-28	CVE-2018-12389	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. network mozilla debian canonical redhat CWE-119	6.8
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2019-02-19	CVE-2019-5781	Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. network low complexity google debian redhat fedoraproject	6.5
2019-02-19	CVE-2019-5779	Missing Authorization vulnerability in multiple products Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. network low complexity google debian redhat fedoraproject CWE-862	4.3
2019-02-19	CVE-2019-5778	Cross-site Scripting vulnerability in multiple products A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. network low complexity google debian redhat fedoraproject CWE-79	6.5
2019-02-19	CVE-2019-5777	Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. network low complexity google redhat debian fedoraproject	6.5