Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-123
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 ESR 52.7",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 59",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5134"
},
{
"name": "CVE-2018-5142",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5142"
},
{
"name": "CVE-2018-5140",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5140"
},
{
"name": "CVE-2018-5137",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5137"
},
{
"name": "CVE-2018-5143",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5143"
},
{
"name": "CVE-2018-5144",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5144"
},
{
"name": "CVE-2018-5128",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5128"
},
{
"name": "CVE-2018-5133",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5133"
},
{
"name": "CVE-2018-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5131"
},
{
"name": "CVE-2018-5132",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5132"
},
{
"name": "CVE-2018-5136",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5136"
},
{
"name": "CVE-2018-5129",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5129"
},
{
"name": "CVE-2018-5145",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5145"
},
{
"name": "CVE-2018-5141",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5141"
},
{
"name": "CVE-2018-5126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5126"
},
{
"name": "CVE-2018-5135",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5135"
},
{
"name": "CVE-2018-5127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5127"
},
{
"name": "CVE-2018-5125",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5125"
},
{
"name": "CVE-2018-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5130"
},
{
"name": "CVE-2018-5138",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5138"
}
],
"initial_release_date": "2018-03-14T00:00:00",
"last_revision_date": "2018-03-14T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-123",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-07 du 13 mars 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-06 du 13 mars 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/"
}
]
}
CVE-2018-5144 (GCVE-0-2018-5144)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Integer overflow during Unicode conversion
Summary
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox ESR |
Version: unspecified < 52.7 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440926"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "103384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR \u003c 52.7 and Thunderbird \u003c 52.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer overflow during Unicode conversion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440926"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "103384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103384"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR \u003c 52.7 and Thunderbird \u003c 52.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow during Unicode conversion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4139",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440926",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440926"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "103384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103384"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5144",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5135 (GCVE-0-2018-5135)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- WebExtension browserAction can inject scripts into unintended contexts
Summary
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebExtensions can bypass normal restrictions in some circumstances and use \"browser.tabs.executeScript\" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged \"about:\" pages. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "WebExtension browserAction can inject scripts into unintended contexts",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebExtensions can bypass normal restrictions in some circumstances and use \"browser.tabs.executeScript\" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged \"about:\" pages. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "WebExtension browserAction can inject scripts into unintended contexts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5135",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5142 (GCVE-0-2018-5142)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs
Summary
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "If Media Capture and Streams API permission is requested from documents with \"data:\" or \"blob:\" URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown protocol\" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If Media Capture and Streams API permission is requested from documents with \"data:\" or \"blob:\" URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown protocol\" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5142",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5141 (GCVE-0-2018-5141)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- DOS attack through notifications Push API
Summary
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1429093"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DOS attack through notifications Push API",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1429093"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOS attack through notifications Push API"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1429093",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1429093"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5141",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5134 (GCVE-0-2018-5134)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- WebExtensions may use view-source: URLs to bypass content restrictions
Summary
WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1429379"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebExtensions may use \"view-source:\" URLs to view local \"file:\" URL content, as well as content stored in \"about:cache\", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "WebExtensions may use view-source: URLs to bypass content restrictions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1429379"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebExtensions may use \"view-source:\" URLs to view local \"file:\" URL content, as well as content stored in \"about:cache\", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "WebExtensions may use view-source: URLs to bypass content restrictions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1429379",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1429379"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5134",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5136 (GCVE-0-2018-5136)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Same-origin policy violation with data: URL shared workers
Summary
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1419166"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A shared worker created from a \"data:\" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Same-origin policy violation with data: URL shared workers",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1419166"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A shared worker created from a \"data:\" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Same-origin policy violation with data: URL shared workers"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1419166",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1419166"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5136",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5126 (GCVE-0-2018-5126)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory safety bugs fixed in Firefox 59
Summary
Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1433671%2C1414768%2C1416523%2C1425691%2C1441006%2C1429768%2C1426002%2C1297740%2C1435566%2C1432855%2C1442318%2C1421963%2C1422631%2C1426603%2C1404297%2C1425257%2C1373934%2C1423173%2C1416940"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Firefox 59",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1433671%2C1414768%2C1416523%2C1425691%2C1441006%2C1429768%2C1426002%2C1297740%2C1435566%2C1432855%2C1442318%2C1421963%2C1422631%2C1426603%2C1404297%2C1425257%2C1373934%2C1423173%2C1416940"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1433671%2C1414768%2C1416523%2C1425691%2C1441006%2C1429768%2C1426002%2C1297740%2C1435566%2C1432855%2C1442318%2C1421963%2C1422631%2C1426603%2C1404297%2C1425257%2C1373934%2C1423173%2C1416940",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1433671%2C1414768%2C1416523%2C1425691%2C1441006%2C1429768%2C1426002%2C1297740%2C1435566%2C1432855%2C1442318%2C1421963%2C1422631%2C1426603%2C1404297%2C1425257%2C1373934%2C1423173%2C1416940"
},
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5126",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5133 (GCVE-0-2018-5133)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Value of the app.support.baseURL preference is not properly sanitized
Summary
If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430974"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "If the \"app.support.baseURL\" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads \"chrome://browser/content/preferences/in-content/preferences.xul\" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Value of the app.support.baseURL preference is not properly sanitized",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430974"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If the \"app.support.baseURL\" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads \"chrome://browser/content/preferences/in-content/preferences.xul\" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Value of the app.support.baseURL preference is not properly sanitized"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430974",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430974"
},
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430511",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5133",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5131 (GCVE-0-2018-5131)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fetch API improperly returns cached copies of no-store/no-cache resources
Summary
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR |
Version: unspecified < 52.7 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440775"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances the \"fetch()\" API can return transient local copies of resources that were sent with a \"no-store\" or \"no-cache\" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR \u003c 52.7 and Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fetch API improperly returns cached copies of no-store/no-cache resources",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-20T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440775"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain circumstances the \"fetch()\" API can return transient local copies of resources that were sent with a \"no-store\" or \"no-cache\" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR \u003c 52.7 and Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fetch API improperly returns cached copies of no-store/no-cache resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4139",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "RHSA-2018:0527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440775",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440775"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5131",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5125 (GCVE-0-2018-5125)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
Summary
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Thunderbird |
Version: unspecified < 52.7 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
},
{
"name": "USN-3688-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3688-1/"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
},
{
"name": "USN-3688-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3688-1/"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4139",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520"
},
{
"name": "USN-3688-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3688-1/"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5125",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5138 (GCVE-0-2018-5138)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Android Custom Tab address spoofing through long domain names
Summary
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432624"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Android Custom Tab address spoofing through long domain names",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432624"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Android Custom Tab address spoofing through long domain names"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432624",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432624"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5138",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5140 (GCVE-0-2018-5140)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Moz-icon images accessible to web content through moz-icon: protocol
Summary
Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1424261"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Image for moz-icons can be accessed through the \"moz-icon:\" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Moz-icon images accessible to web content through moz-icon: protocol",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1424261"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Image for moz-icons can be accessed through the \"moz-icon:\" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Moz-icon images accessible to web content through moz-icon: protocol"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1424261",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1424261"
},
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5140",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5132 (GCVE-0-2018-5132)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- WebExtension Find API can search privileged pages
Summary
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408194"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Find API for WebExtensions can search some privileged pages, such as \"about:debugging\", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "WebExtension Find API can search privileged pages",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408194"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Find API for WebExtensions can search some privileged pages, such as \"about:debugging\", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "WebExtension Find API can search privileged pages"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408194",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408194"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5132",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5130 (GCVE-0-2018-5130)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Mismatched RTP payload type can trigger memory corruption
Summary
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR |
Version: unspecified < 52.7 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1433005"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR \u003c 52.7 and Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mismatched RTP payload type can trigger memory corruption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-20T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1433005"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR \u003c 52.7 and Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mismatched RTP payload type can trigger memory corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4139",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "RHSA-2018:0527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1433005",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1433005"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5130",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5145 (GCVE-0-2018-5145)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory safety bugs fixed in Firefox ESR 52.7
Summary
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox ESR |
Version: unspecified < 52.7 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955"
},
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "103384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 52.7 and Thunderbird \u003c 52.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Firefox ESR 52.7",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955"
},
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "103384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103384"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 52.7 and Thunderbird \u003c 52.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox ESR 52.7"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955"
},
{
"name": "DSA-4139",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "103384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103384"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5145",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5143 (GCVE-0-2018-5143)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Self-XSS pasting javascript: URL with embedded tab into addressbar
Summary
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1422643"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "URLs using \"javascript:\" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the \"javascript:\" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Self-XSS pasting javascript: URL with embedded tab into addressbar",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1422643"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "URLs using \"javascript:\" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the \"javascript:\" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Self-XSS pasting javascript: URL with embedded tab into addressbar"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1422643",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1422643"
},
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5143",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5129 (GCVE-0-2018-5129)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bounds write with malformed IPC messages
Summary
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Thunderbird |
Version: unspecified < 52.7 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1428947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write with malformed IPC messages",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1428947"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write with malformed IPC messages"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4139",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1428947",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1428947"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5129",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5127 (GCVE-0-2018-5127)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer overflow manipulating SVG animatedPathSegList
Summary
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Thunderbird |
Version: unspecified < 52.7 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430557"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow can occur when manipulating the SVG \"animatedPathSegList\" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow manipulating SVG animatedPathSegList",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-4139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430557"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow can occur when manipulating the SVG \"animatedPathSegList\" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow manipulating SVG animatedPathSegList"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4139",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430557",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1430557"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5127",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5128 (GCVE-0-2018-5128)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use-after-free manipulating editor selection ranges
Summary
A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431336"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free manipulating editor selection ranges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431336"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free manipulating editor selection ranges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431336",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431336"
},
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5128",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5137 (GCVE-0-2018-5137)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Script content can access legacy extension non-contentaccessible resources
Summary
A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432870"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "59",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A legacy extension\u0027s non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox \u003c 59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script content can access legacy extension non-contentaccessible resources",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432870"
},
{
"name": "103386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A legacy extension\u0027s non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox \u003c 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script content can access legacy extension non-contentaccessible resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432870",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432870"
},
{
"name": "103386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103386"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5137",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:46.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…