CVE-2018-5124: Cross-site Scripting in Mozilla Firefox

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.6% (top 31.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 26; latest update May 24

Description

Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (5 packages)

debian: debian/firefox < firefox 58.0.1-1 (sid)
NVD: mozilla/firefox < 58.0.1
debian: debian/firefox-esr < firefox 58.0.1-1 (sid)
Ubuntu: mozilla/firefox < 58.0.1+build1-0ubuntu0.14.04.1+2
CVEListV5: mozilla/firefox, all versions prior to Firefox 58.0.1

🔴 Vulnerability Details (3)

GHSA: GHSA-x85x-whmj-686x: Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58 (2022-05-24)
OSV: firefox vulnerability (2018-01-31)
OSV: CVE-2018-5124: Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58 (2018-01-30)

📋 Vendor Advisories (3)

Ubuntu: Firefox vulnerability (2018-01-31)
Red Hat: firefox: Unsanitized output in browser UI can lead to arbitrary code execution (2018-01-29)
Debian: CVE-2018-5124: firefox - Unsanitized output in the browser UI leaves HTML tags in place and can result in... (2018)

💬 Community (1)

Bugzilla: CVE-2018-5124 firefox: Unsanitized output in browser UI can lead to arbitrary code execution (2018-01-31)