CVE-2018-5143

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 59

Description The issue is related to the implementation of the JavaScript programming language in the Mozilla Firefox browser, specifically with the protection measures for the web page structure. It allows an attacker to conduct cross-site scripting (XSS) attacks. If a tab character is embedded in a "javascript:" URL, the protocol is not removed when pasted into the address bar, and the script will execute, potentially allowing users to be socially engineered into running an XSS attack against themselves.

Recommendations For versions prior to 59, update to version 59 or later to resolve the issue. As a temporary workaround, consider avoiding the use of "javascript:" URLs with embedded tab characters in the address bar until the update is applied.