Total
3980 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5167 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-5164 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-5143 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-5141 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-02 | 6.4 MEDIUM | 8.2 HIGH |
| A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-5169 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-5140 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59. | |||||
| CVE-2016-9774 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2018-08-01 | 7.2 HIGH | 7.8 HIGH |
| The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory. | |||||
| CVE-2017-7826 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2018-08-01 | 10.0 HIGH | 9.8 CRITICAL |
| Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. | |||||
| CVE-2017-7810 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2018-08-01 | 10.0 HIGH | 9.8 CRITICAL |
| Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2015-5351 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2018-07-18 | 6.8 MEDIUM | 8.8 HIGH |
| The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. | |||||
| CVE-2015-5346 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2018-07-18 | 6.8 MEDIUM | 8.1 HIGH |
| Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. | |||||
| CVE-2014-9092 | 3 Canonical, Fedoraproject, Libjpeg-turbo | 3 Ubuntu Linux, Fedora, Libjpeg-turbo | 2018-07-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | |||||
| CVE-2018-5114 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5115 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5111 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5109 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5108 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5107 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5106 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5094 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. | |||||