Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2018-5117	If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. network low complexity debian redhat mozilla canonical	5.0
2018-06-11	CVE-2017-7848	Injection vulnerability in multiple products RSS fields can inject new lines into the created email structure, modifying the message body. network low complexity mozilla redhat debian CWE-74	5.0
2018-06-11	CVE-2017-7846	Injection vulnerability in multiple products It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. network redhat debian mozilla CWE-74	6.8
2018-06-11	CVE-2017-7843	Information Exposure vulnerability in multiple products When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. network low complexity debian mozilla redhat CWE-200	5.0
2018-06-11	CVE-2017-7830	The Resource Timing API incorrectly revealed navigations in cross-origin iframes. network debian mozilla redhat	4.3
2018-06-11	CVE-2017-7823	Cross-site Scripting vulnerability in multiple products The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. network redhat debian mozilla CWE-79	4.3
2018-06-11	CVE-2017-7814	Improper Input Validation vulnerability in multiple products File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. network redhat mozilla debian CWE-20	6.8
2018-06-11	CVE-2017-7807	Improper Input Validation vulnerability in multiple products A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. network debian redhat mozilla CWE-20	5.8
2018-06-11	CVE-2017-7803	Improper Privilege Management vulnerability in multiple products When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. network low complexity redhat debian mozilla CWE-269	5.0
2018-06-11	CVE-2017-7798	Code Injection vulnerability in multiple products The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. network debian redhat mozilla CWE-94	6.8