Security restrictions bypass in Mozilla Firefox - CVE-2018-5168
Published: May 10, 2018
Vulnerability identifier: #VU12551
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5168
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Mozilla Firefox
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper privileges or access controls. A remote attacker can manipulate the
The weakness exists due to improper privileges or access controls. A remote attacker can manipulate the
baseURI
property of the theme element, bypass security restrictions and cause lightweight themes to be installed without user interaction which could contain offensive or embarrassing images.How to mitigate CVE-2018-5168
Update to version 60.0.