PT-2017-4038 · Mozilla+2 · Firefox+2

Abdulrahman Alqabandi

Published

2017-12-08

Updated

2024-12-12

CVE-2018-5140

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 59

Description The issue is related to the implementation of the "moz-icon:" protocol in Mozilla Firefox, which can be accessed through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. The vulnerability is associated with a lack of protection for internal data, which could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For versions prior to 59, update to version 59 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2018-1502

ALT-PU-2018-1854

BDU:2021-00357

CVE-2018-5140

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-3596-1

USN-3596-2

Affected Products

Alt Linux

Firefox

Ubuntu

PT-2017-4038 · Mozilla+2 · Firefox+2

CVE-2018-5140

Weakness Enumeration

Related Identifiers

Affected Products

References · 1898