CVE-2018-5124
Published 2019-04-26
CVE-2018-5124: Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
Priority: P4 · 26 · medium · 6.1 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.01% (59.0th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 58.0.1-1 (sid) | firefox 58.0.1-1 (sid) |
| debian | firefox-esr | < firefox 58.0.1-1 (sid) | firefox 58.0.1-1 (sid) |
| mozilla | firefox | < 58.0.1 | 58.0.1 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 58.0.1+build1-0ubuntu0.14.04.1 | 58.0.1+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 58.0.1+build1-0ubuntu0.16.04.1 | 58.0.1+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 59.0.1+build1-0ubuntu1 | 59.0.1+build1-0ubuntu1 |
CVSS provenance
nvd · v3.0 · 6.1 · MEDIUM · CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 6.1 · MEDIUM
vendor_debian · 6.1 · MEDIUM
vendor_redhat · 6.1 · MEDIUM
vendor_ubuntu · 6.1 · MEDIUM
Ubuntu
Firefox vulnerability
vendor_ubuntu·2018-01-31·CVSS 6.1
CVE-2018-5124 [MEDIUM] Firefox vulnerability
Title: Firefox vulnerability
Summary: Firefox could be made to run programs as your login if it opened a
malicious website.
Johann Hofmann discovered that HTML fragments created for
chrome-privileged documents were not properly sanitized. An attacker
could exploit this to execute arbitrary code. (CVE-2018-5124)
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Red Hat
firefox: Unsanitized output in browser UI can lead to arbitrary code execution
vendor_redhat·2018-01-29·CVSS 6.1
CVE-2018-5124 [MEDIUM] CWE-79 firefox: Unsanitized output in browser UI can lead to arbitrary code execution
firefox: Unsanitized output in browser UI can lead to arbitrary code execution
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2018-5124: firefox - Unsanitized output in the browser UI leaves HTML tags in place and can result in...
vendor_debian·2018·CVSS 6.1
CVE-2018-5124 [MEDIUM] CVE-2018-5124: firefox - Unsanitized output in the browser UI leaves HTML tags in place and can result in...
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
Scope: local
sid: resolved (fixed in 58.0.1-1)
GHSA
GHSA-x85x-whmj-686x: Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58
ghsa_unreviewed·2022-05-24
CVE-2018-5124 [MEDIUM] CWE-79 GHSA-x85x-whmj-686x: Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
OSV
firefox vulnerability
osv·2018-01-31·CVSS 6.1
CVE-2018-5124 [MEDIUM] firefox vulnerability
firefox vulnerability
Johann Hofmann discovered that HTML fragments created for
chrome-privileged documents were not properly sanitized. An attacker
could exploit this to execute arbitrary code. (CVE-2018-5124)
OSV
CVE-2018-5124: Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58
osv·2018-01-30·CVSS 6.1
CVE-2018-5124 [MEDIUM] CVE-2018-5124: Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
No detection rules found.
No public exploits indexed.