Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-5133

Опубликовано: 11 июн. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.5

Описание

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.

РелизСтатусПримечание
artful

released

59.0+build5-0ubuntu0.17.10.1
bionic

released

59.0.1+build1-0ubuntu1
devel

released

59.0.1+build1-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [59.0+build5-0ubuntu0.14.04.1]]
precise/esm

DNE

trusty

released

59.0+build5-0ubuntu0.14.04.1
trusty/esm

DNE

trusty was released [59.0+build5-0ubuntu0.14.04.1]
upstream

released

59.0
xenial

released

59.0+build5-0ubuntu0.16.04.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 70%
0.00639
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-5133

CVSS3: 6.5
nvd
больше 7 лет назад

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.

debian логотип

CVE-2018-5133

CVSS3: 6.5
debian
больше 7 лет назад

If the "app.support.baseURL" preference is changed by a malicious loca ...

github логотип

GHSA-9rwp-r33f-q36c

CVSS3: 6.5
github
больше 3 лет назад

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.

fstec логотип

BDU:2021-00354

CVSS3: 6.5
fstec
около 8 лет назад

Уязвимость реализации конфигурации app.support.baseURL браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 70%
0.00639
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3