CVE-2018-18496

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 64

Description: The issue is related to insufficient input validation, which can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. Additionally, when the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. This issue only affects Windows operating systems.

Recommendations: For versions prior to 64, update to version 64 or later to resolve the issue. As a temporary workaround, consider restricting the use of the RSS Feed preview feature in framed pages to minimize the risk of clickjacking attacks.