Main Vulnerability Database Vulnerabilities #VU10195

Information disclosure in Mozilla Firefox - CVE-2018-5118

Published: January 24, 2018

Vulnerability identifier: #VU10195

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5118

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to an error in the Activity Stream page when attempting to create screenshot images through file: URLs from the local file system. A remote attacker can bypass security restrictions and expose local data if combined with another attack that escapes sandbox protections.

How to mitigate CVE-2018-5118

Update to version 58.0.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/

Information disclosure in Mozilla Firefox - CVE-2018-5118

Detailed vulnerability description

How to mitigate CVE-2018-5118

Sources

Please verify you're human