Security restrictions bypass in Mozilla Firefox - CVE-2018-5169
Published: May 10, 2018
Vulnerability identifier: #VU12553
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5169
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Mozilla Firefox
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper privileges or access controls. A remote attacker can drag and drop specially crafted manipulated hyperlinked text containing
The weakness exists due to improper privileges or access controls. A remote attacker can drag and drop specially crafted manipulated hyperlinked text containing
chrome: URL on the "home" icon, cause the home page to be
reset to include a normally-unlinkable chrome page as one of the home
page tabs. How to mitigate CVE-2018-5169
Update to version 60.0.