PT-2018-3044 · Mozilla+3 · Firefox+3
Abdulrahman Alqabandi · Published 2018-05-09 · Updated 2024-12-12 · CVE-2018-5172
CVSS v2.0: 5.0 (Medium), vector AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 60
Description
The issue arises when a user pastes script content from the clipboard into the Live Bookmarks page or the PDF viewer while viewing RSS feeds or PDF files. A malicious site could socially engineer a user into copying and pasting malicious script content, which would then run in the context of either page. However, it does not allow for privilege escalation. The vulnerability can be exploited by a remote attacker using a specially crafted website to execute arbitrary code.
Recommendations
For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider avoiding the paste function in the Live Bookmarks page and the PDF viewer when viewing RSS feeds or PDF files from untrusted sources. Restrict access to these features to minimize the risk of exploitation.
Fix
Special Elements Injection
XSS
Related Identifiers
Affected Products
Alt Linux
Firefox
Suse
Ubuntu