Skip to main content
CVE-2018-5114 MEDIUM This Month

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Ubuntu Linux
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2018-5110 MEDIUM This Month

If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-5109 MEDIUM This Month

An audio capture session can started under an incorrect origin from the site making the capture request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Ubuntu Linux
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2018-5107 MEDIUM This Month

The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Ubuntu Linux
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-5106 MEDIUM This Month

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Ubuntu Linux
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-12100 MEDIUM This Month

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.0
4.8
EPSS
1.3%
CVE-2018-5172 MEDIUM This Month

The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation XSS Ubuntu Linux Firefox
NVD
CVSS 3.0
4.3
EPSS
1.6%
CVE-2018-5170 MEDIUM This Month

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
4.3
EPSS
1.8%
CVE-2018-5167 MEDIUM This Month

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Ubuntu Linux Firefox
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2018-5161 MEDIUM This Month

Crafted message headers can cause a Thunderbird process to hang on receiving the message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
4.3
EPSS
2.1%
CVE-2018-5108 MEDIUM This Month

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Ubuntu Linux
NVD
CVSS 3.0
4.3
EPSS
1.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy