ByteOS Network

NVD Vulnerability Details :

CVE-2018-5118

Analyzed

Source-security@mozilla.org

Published At-11 Jun, 2018 | 21:29

Updated At-25 Jun, 2018 | 17:25

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Mozilla Corporation

>>firefox>>Versions up to 57.0.4(inclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/102786	security@mozilla.org	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040270	security@mozilla.org	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1420049	security@mozilla.org	Issue Tracking
https://usn.ubuntu.com/3544-1/	security@mozilla.org	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-02/	security@mozilla.org	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History