ByteOS Network

NVD Vulnerability Details :

CVE-2018-5165

Analyzed

Source-security@mozilla.org

Published At-11 Jun, 2018 | 21:29

Updated At-11 Sep, 2020 | 16:45

In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N

CPE Matches

Mozilla Corporation

>>firefox>>Versions before 60.0(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:x86:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/104139	security@mozilla.org	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040896	security@mozilla.org	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1451452	security@mozilla.org	Exploit Issue Tracking Patch Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-11/	security@mozilla.org	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History