Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2018-5118
PUBLISHED
More InfoOfficial Page
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
View Known Exploited Vulnerability (KEV) details
Published At-11 Jun, 2018 | 21:00
Updated At-05 Aug, 2024 | 05:26
Rejected At-
▼CVE Numbering Authority (CNA)

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58.

Affected Products
Vendor
Mozilla CorporationMozilla
Product
Firefox
Versions
Affected
  • From unspecified before 58 (custom)
Problem Types
TypeCWE IDDescription
textN/AActivity Stream images can attempt to load local content through file:
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1040270
vdb-entry
x_refsource_SECTRACK
https://usn.ubuntu.com/3544-1/
vendor-advisory
x_refsource_UBUNTU
http://www.securityfocus.com/bid/102786
vdb-entry
x_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=1420049
x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2018-02/
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1040270
vdb-entry
x_refsource_SECTRACK
x_transferred
https://usn.ubuntu.com/3544-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securityfocus.com/bid/102786
vdb-entry
x_refsource_BID
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1420049
x_refsource_CONFIRM
x_transferred
https://www.mozilla.org/security/advisories/mfsa2018-02/
x_refsource_CONFIRM
x_transferred
Details not found