debian vulnerabilities and exploits

NA
CVE-2018-12395

Red Hat: CVE-2018-12395: Critical: firefox security and bug fix update (Multiple Advisories)...

NA
CVE-2018-12390

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From SUSE_CVE-2018-12390: This CVE is addressed in the SUSE advisories openSUSE-SU-2018:3435-1....

NA
CVE-2018-12397

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From SUSE_CVE-2018-12397: This CVE is addressed in the SUSE advisories openSUSE-SU-2018:3435-1....

NA
CVE-2018-12393

A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. Note: 64-bit builds...

NA
CVE-2018-18498

Oracle Solaris 11: CVE-2018-18498: Vulnerability in Firefox...

NA
CVE-2018-12389

Mozilla developers and community members Daniel Veditz and Philipp reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code....

NA
CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft....

NA
CVE-2018-12396

A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run....

4.3
MEDIUM
CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page....

4.3
MEDIUM
CVE-2019-5777

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name....

4.3
MEDIUM
CVE-2019-5775

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name....