CVE-2018-5176

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 60

Description The JSON Viewer in Firefox has an issue where it displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. The vulnerability may also be exploited to perform cross-site scripting attacks.

Recommendations For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider disabling the JSON Viewer feature until a patch is available. Restrict access to JSON files that may contain malicious "javascript:" links to minimize the risk of exploitation. Avoid clicking on suspicious links within the JSON Viewer to prevent potential code execution.