PT-2018-2999 · Mozilla+3 · Firefox+3

Wladimir Palant

Published

2018-05-09

Updated

2024-12-12

CVE-2018-5167

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 60

Description The issue is related to the web console and JavaScript debugger not properly sanitizing output, which can lead to displaying internal chrome pages as active hyperlinks. This could allow malicious sites to trick users into clicking on "javascript:" links, potentially leading to unauthorized access to protected information.

Recommendations For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider restricting access to the web console and JavaScript debugger to minimize the risk of exploitation. Avoid clicking on suspicious links, especially those starting with "chrome:" or "javascript:".

Fix

RCE

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-200

Related Identifiers

ALT-PU-2018-1787

ALT-PU-2018-1854

BDU:2019-03318

CVE-2018-5167

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2019:2872-1

USN-3645-1

USN-3645-2

Affected Products

Alt Linux

Firefox

Suse

Ubuntu

PT-2018-2999 · Mozilla+3 · Firefox+3

CVE-2018-5167

Weakness Enumeration

Related Identifiers

Affected Products

References · 1933