Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-5108

Опубликовано: 11 июн. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 4.3

Описание

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58.

РелизСтатусПримечание
artful

released

58.0+build6-0ubuntu0.17.10.1
bionic

released

59.0.1+build1-0ubuntu1
devel

released

59.0.1+build1-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [58.0+build6-0ubuntu0.14.04.1]]
precise/esm

DNE

trusty

released

58.0+build6-0ubuntu0.14.04.1
trusty/esm

DNE

trusty was released [58.0+build6-0ubuntu0.14.04.1]
upstream

released

58.0
xenial

released

58.0+build6-0ubuntu0.16.04.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 53%
0.00304
Низкий

4.3 Medium

CVSS2

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-5108

CVSS3: 4.3
nvd
больше 7 лет назад

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58.

debian логотип

CVE-2018-5108

CVSS3: 4.3
debian
больше 7 лет назад

A Blob URL can violate origin attribute segregation, allowing it to be ...

github логотип

GHSA-9fmf-gjw2-hq6p

CVSS3: 4.3
github
больше 3 лет назад

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58.

fstec логотип

BDU:2018-00874

CVSS3: 4.3
fstec
около 8 лет назад

Уязвимость браузера Mozilla Firefox, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 53%
0.00304
Низкий

4.3 Medium

CVSS2

4.3 Medium

CVSS3