Canonical Ubuntu Linux vulnerabilities

CVE-2018-5127 [HIGH] CWE-119 CVE-2018-5127: A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This res A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

CVE-2018-5112 [HIGH] CWE-552 CVE-2018-5112: Development Tools panels of an extension are required to load URLs for the panels as relative URLs f Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnera

CVE-2018-5178 [HIGH] CWE-119 CVE-2018-5178: A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremel A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

CVE-2018-5146 [HIGH] CWE-787 CVE-2018-5146: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own co An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CVE-2018-5153 [HIGH] CWE-125 CVE-2018-5153: If websocket data is sent with mixed text and binary in a single message, the binary data can be cor If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60.

CVE-2018-5182 [HIGH] CWE-200 CVE-2018-5182: If a text string that happens to be a filename in the operating system's native format is dragged an If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60.

CVE-2018-5137 [HIGH] CWE-200 CVE-2018-5137: A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.

CVE-2018-5136 [HIGH] CWE-20 CVE-2018-5136: A shared worker created from a "data:" URL in one tab can be shared by another tab with a different A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.

CVE-2018-5125 [HIGH] CWE-119 CVE-2018-5125: Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evide Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

CVE-2018-5113 [HIGH] CWE-862 CVE-2018-5113: The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content o The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58.

CVE-2018-5160 [HIGH] CWE-416 CVE-2018-5160: WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.

CVE-2018-5130 [HIGH] CWE-20 CVE-2018-5130: When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstance When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

CVE-2018-5105 [HIGH] CVE-2018-5105: WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. Th WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.

CVE-2018-5162 [HIGH] CWE-311 CVE-2018-5162: Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vu Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

CVE-2018-5177 [HIGH] CWE-119 CVE-2018-5177: A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocate A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.

CVE-2018-5169 [MEDIUM] CWE-20 CVE-2018-5169: If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "ho If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60.

CVE-2018-5172 [MEDIUM] CWE-79 CVE-2018-5172: The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script f The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privileg

CVE-2018-5114 [MEDIUM] CWE-200 CVE-2018-5114: If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remai If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58.

CVE-2018-5131 [MEDIUM] CWE-200 CVE-2018-5131: Under certain circumstances the "fetch()" API can return transient local copies of resources that we Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while brows

CVE-2018-5132 [MEDIUM] CWE-200 CVE-2018-5132: The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59.