Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-5168

Опубликовано: 09 мая 2018
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxFixedRHSA-2018:141414.05.2018
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2018:172624.05.2018
Red Hat Enterprise Linux 7firefoxFixedRHSA-2018:141514.05.2018
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2018:172524.05.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-862
https://bugzilla.redhat.com/show_bug.cgi?id=1576269Mozilla: Lightweight themes can be installed without user interaction

EPSS

Процентиль: 77%
0.01032
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-5168

CVSS3: 5.3
ubuntu
больше 7 лет назад

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

nvd логотип

CVE-2018-5168

CVSS3: 5.3
nvd
больше 7 лет назад

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

debian логотип

CVE-2018-5168

CVSS3: 5.3
debian
больше 7 лет назад

Sites can bypass security checks on permissions to install lightweight ...

github логотип

GHSA-mc9q-rpjx-f8px

CVSS3: 5.3
github
больше 3 лет назад

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

fstec логотип

BDU:2019-03510

CVSS3: 6.5
fstec
около 7 лет назад

Уязвимость компонента baseURI браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю оказать влияние на целостность защищаемой информации

EPSS

Процентиль: 77%
0.01032
Низкий

6.1 Medium

CVSS3