Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-5115

Опубликовано: 11 июн. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58.

РелизСтатусПримечание
artful

released

58.0+build6-0ubuntu0.17.10.1
bionic

released

59.0.1+build1-0ubuntu1
devel

released

59.0.1+build1-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [58.0+build6-0ubuntu0.14.04.1]]
precise/esm

DNE

trusty

released

58.0+build6-0ubuntu0.14.04.1
trusty/esm

DNE

trusty was released [58.0+build6-0ubuntu0.14.04.1]
upstream

released

58.0
xenial

released

58.0+build6-0ubuntu0.16.04.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 82%
0.0171
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-5115

CVSS3: 7.5
nvd
больше 7 лет назад

If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58.

debian логотип

CVE-2018-5115

CVSS3: 7.5
debian
больше 7 лет назад

If an HTTP authentication prompt is triggered by a background network ...

github логотип

GHSA-39x9-phxc-qvqw

CVSS3: 7.5
github
больше 3 лет назад

If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58.

fstec логотип

BDU:2018-00867

CVSS3: 5.3
fstec
больше 8 лет назад

Уязвимость браузера Mozilla Firefox, связанная с ошибкой аунтефикации при HTTP запросе, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 82%
0.0171
Низкий

5 Medium

CVSS2

7.5 High

CVSS3