PT-2017-4038 · Mozilla+2 · Firefox+2

Abdulrahman Alqabandi

Publicado

2017-12-08

Atualizado

2024-12-12

CVE-2018-5140

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 59

Description The issue is related to the implementation of the "moz-icon:" protocol in Mozilla Firefox, which can be accessed through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. The vulnerability is associated with a lack of protection for internal data, which could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For versions prior to 59, update to version 59 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2018-1502

ALT-PU-2018-1854

BDU:2021-00357

CVE-2018-5140

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-3596-1

USN-3596-2

Produtos afetados

Alt Linux

Firefox

Ubuntu

PT-2017-4038 · Mozilla+2 · Firefox+2

CVE-2018-5140

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1898