Main Vulnerability Database Vulnerabilities #VU12570

Security restrictions bypass in Mozilla Firefox - CVE-2018-5165

Published: May 10, 2018

Vulnerability identifier: #VU12570

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5165

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the Adobe Flash plugin setting for 'Enable Adobe Flash protected mode' displays the opposite status of the Adobe Flash sandbox. A remote attacker can bypass security restrictions and turn protections off.

How to mitigate CVE-2018-5165

Update to version 60.0.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/

Security restrictions bypass in Mozilla Firefox - CVE-2018-5165

Detailed vulnerability description

How to mitigate CVE-2018-5165

Sources

Please verify you're human