Canonical Ubuntu Linux vulnerabilities

4,102 known vulnerabilities affecting canonical/ubuntu_linux.

Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 271
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216

Vulnerabilities

Page 92 of 206
CVE-2018-5103 | CRITICAL | CVSS 9.8 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5103 [CRITICAL] CWE-416: A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
nvd
CVE-2018-5098 | CRITICAL | CVSS 9.8 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5098 [CRITICAL] CWE-416: A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
nvd
CVE-2018-5091 | CRITICAL | CVSS 9.8 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5091 [CRITICAL] CWE-416: A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.
nvd
CVE-2018-5155 | CRITICAL | CVSS 9.8 | v14.04, v16.04 +2 more | 2018-06-11
CVE-2018-5155 [CRITICAL] CWE-416: A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
nvd
CVE-2018-5102 | CRITICAL | CVSS 9.8 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5102 [CRITICAL] CWE-416: A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
nvd
CVE-2018-5180 | HIGH | CVSS 7.5 | v14.04, v16.04 +2 more | 2018-06-11
CVE-2018-5180 [HIGH] CWE-416: A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60.
nvd
CVE-2018-5184 | HIGH | CVSS 7.5 | v14.04, v16.04 +2 more | 2018-06-11
CVE-2018-5184 [HIGH] CWE-326: Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
nvd
CVE-2018-5093 | HIGH | CVSS 7.5 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5093 [HIGH] CWE-119: A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
nvd
CVE-2018-5158 | HIGH | CVSS 8.8 | v14.04, v16.04 +2 more | 2018-06-11
CVE-2018-5158 [HIGH] CWE-94: The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
nvd
CVE-2018-5181 | HIGH | CVSS 7.5 | v14.04, v16.04 +2 more | 2018-06-11
CVE-2018-5181 [HIGH] CWE-200: If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox
nvd
CVE-2018-5163 | HIGH | CVSS 8.1 | v14.04, v16.04 +2 more | 2018-06-11
CVE-2018-5163 [HIGH] CWE-281: If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privil
nvd
CVE-2018-5100 | HIGH | CVSS 7.5 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5100 [HIGH] CWE-416: A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.
nvd
CVE-2018-5115 | HIGH | CVSS 7.5 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5115 [HIGH] CWE-200: If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly se
nvd
CVE-2018-5129 | HIGH | CVSS 8.6 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5129 [HIGH] CWE-787: A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
nvd
CVE-2018-5144 | HIGH | CVSS 7.3 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5144 [HIGH] CWE-190: An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
nvd
CVE-2018-5141 | HIGH | CVSS 8.2 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5141 [HIGH] CWE-20: A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.
nvd
CVE-2018-5101 | HIGH | CVSS 7.5 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5101 [HIGH] CWE-416: A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
nvd
CVE-2018-5157 | HIGH | CVSS 7.5 | v14.04, v16.04 +2 more | 2018-06-11
CVE-2018-5157 [HIGH] CWE-200: Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
nvd
CVE-2018-5094 | HIGH | CVSS 7.5 | v14.04, v16.04 +1 more | 2018-06-11
CVE-2018-5094 [HIGH] CWE-119: A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.
nvd
CVE-2018-5166 | HIGH | CVSS 7.5 | v14.04, v16.04 +2 more | 2018-06-11
CVE-2018-5166 [HIGH] CWE-269: WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.
nvd