- CVEs with nessus.description==Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, spoof the origin in audio capture prompts, trick the user in to
providing HTTP credentials for another origin, spoof the addressbar
contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,
CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094,
CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099,
CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115,
CVE-2018-5117, CVE-2018-5122)
Multiple security issues were discovered in WebExtensions. If a user
were tricked in to installing a specially crafted extension, an
attacker could potentially exploit these to gain additional
privileges, bypass same-origin restrictions, or execute arbitrary
code. (CVE-2018-5105, CVE-2018-5113, CVE-2018-5116)
A security issue was discovered with the developer tools. If a user
were tricked in to opening a specially crafted website with the
developer tools open, an attacker could potentially exploit this to
obtain sensitive information from other origins. (CVE-2018-5106)
A security issue was discovered with printing. An attacker could
potentially exploit this to obtain sensitive information from local
files. (CVE-2018-5107)
It was discovered that manually entered blob URLs could be accessed by
subsequent private browsing tabs. If a user were tricked in to
entering a blob URL, an attacker could potentially exploit this to
obtain sensitive information from a private browsing context.
(CVE-2018-5108)
It was discovered that dragging certain specially formatted URLs to
the addressbar could cause the wrong URL to be displayed. If a user
were tricked in to opening a specially crafted website and dragging a
URL to the addressbar, an attacker could potentially exploit this to
spoof the addressbar contents. (CVE-2018-5111)
It was discovered that WebExtension developer tools panels could open
non-relative URLs. If a user were tricked in to installing a specially
crafted extension and running the developer tools, an attacker could
potentially exploit this to gain additional privileges.
(CVE-2018-5112)
It was discovered that ActivityStream images can attempt to load local
content through file: URLs. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this
in combination with another vulnerability that allowed sandbox
protections to be bypassed, in order to obtain sensitive information
from local files. (CVE-2018-5118)
It was discovered that the reader view will load cross-origin content
in violation of CORS headers. An attacker could exploit this to bypass
CORS restrictions. (CVE-2018-5119).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |