CVE-2018-5165
published 2018-06-11CVE-2018-5165: In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash…
PriorityP425medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
1.67%
74.0th percentile
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 60.0-1 (sid) | firefox 60.0-1 (sid) |
| mozilla | firefox | < 60.0 | 60.0 |
| mozilla | firefox | >= unspecified < 60 | 60 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_debian5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hc8c-44hv-5hc7: In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Fl
ghsa_unreviewed·2022-05-13
CVE-2018-5165 [MEDIUM] GHSA-hc8c-44hv-5hc7: In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Fl
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.
Red Hat
Mozilla: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
vendor_redhat·2018-05-09·CVSS 5.3
CVE-2018-5165 [MEDIUM] CWE-451 Mozilla: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
Mozilla: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise Linux 7) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2018-5165: firefox - In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe ...
vendor_debian·2018·CVSS 5.3
CVE-2018-5165 [MEDIUM] CVE-2018-5165: firefox - In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe ...
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.
Scope: local
sid: resolved (fixed in 60.0-1)
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/104139http://www.securitytracker.com/id/1040896https://bugzilla.mozilla.org/show_bug.cgi?id=1451452https://www.mozilla.org/security/advisories/mfsa2018-11/http://www.securityfocus.com/bid/104139http://www.securitytracker.com/id/1040896https://bugzilla.mozilla.org/show_bug.cgi?id=1451452https://www.mozilla.org/security/advisories/mfsa2018-11/
2018-06-11
Published