PT-2018-3043 · Mozilla+3 · Firefox+3

Abdulrahman Alqabandi

Published

2018-05-09

Updated

2024-12-12

CVE-2018-5169

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 60

Description The issue is related to errors when dragging and dropping a hyperlink with a "chrome:" URL on the "home" icon. This can lead to the home page being reset to include a normally unlinkable chrome page as one of the home page tabs. The vulnerability can be exploited by a remote attacker to impact the integrity of protected information.

Recommendations For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider avoiding the drag and drop action of hyperlinked text with "chrome:" URL on the "home" icon until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-1787

ALT-PU-2018-1854

BDU:2019-03511

CVE-2018-5169

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2019:2872-1

USN-3645-1

USN-3645-2

Affected Products

Alt Linux

Firefox

Suse

Ubuntu

PT-2018-3043 · Mozilla+3 · Firefox+3

CVE-2018-5169

Weakness Enumeration

Related Identifiers

Affected Products

References · 1931