Main Vulnerability Database Vulnerabilities #VU12551

#VU12551 Security restrictions bypass in Mozilla Firefox - CVE-2018-5168

Published: May 10, 2018

Vulnerability identifier: #VU12551

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5168

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper privileges or access controls. A remote attacker can manipulate the baseURI property of the theme element, bypass security restrictions and cause lightweight themes to be installed without user interaction which could contain offensive or embarrassing images.

Remediation

Update to version 60.0.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/

#VU12551 Security restrictions bypass in Mozilla Firefox - CVE-2018-5168

Description

Remediation

External links

Please verify you're human