Main Vulnerability Database Vulnerabilities #VU12570

#VU12570 Security restrictions bypass in Mozilla Firefox - CVE-2018-5165

Published: May 10, 2018

Vulnerability identifier: #VU12570

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5165

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the Adobe Flash plugin setting for 'Enable Adobe Flash protected mode' displays the opposite status of the Adobe Flash sandbox. A remote attacker can bypass security restrictions and turn protections off.

Remediation

Update to version 60.0.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/

#VU12570 Security restrictions bypass in Mozilla Firefox - CVE-2018-5165

Description

Remediation

External links

Please verify you're human