Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2018-5168	Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. network low complexity debian mozilla canonical redhat	5.0
2018-06-11	CVE-2018-5162	Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through the src attribute of remote images, or links. network low complexity redhat debian canonical mozilla CWE-311	5.0
2018-06-11	CVE-2018-5161	Improper Input Validation vulnerability in multiple products Crafted message headers can cause a Thunderbird process to hang on receiving the message. network redhat debian canonical mozilla CWE-20	4.3
2018-06-11	CVE-2018-5158	Code Injection vulnerability in multiple products The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. network debian redhat mozilla canonical CWE-94	6.8
2018-06-11	CVE-2018-5157	Information Exposure vulnerability in multiple products Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. network low complexity redhat debian canonical mozilla CWE-200	5.0
2018-06-11	CVE-2018-5146	Out-of-bounds Write vulnerability in multiple products An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. network redhat debian canonical mozilla CWE-787	6.8
2018-06-11	CVE-2018-5131	Information Exposure vulnerability in multiple products Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. network debian mozilla redhat canonical CWE-200	4.3
2018-06-11	CVE-2018-5130	Improper Input Validation vulnerability in multiple products When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. network debian redhat canonical mozilla CWE-20	6.8
2018-06-11	CVE-2018-5129	Out-of-bounds Write vulnerability in multiple products A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. network low complexity debian mozilla redhat canonical CWE-787	5.0
2018-06-11	CVE-2018-5127	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. network redhat debian canonical mozilla CWE-119	6.8