CVE-2018-5174 — User Interface (UI) Misrepresentation of Critical Information in Mozilla Firefox
Severity
7.5 HIGH (NVD)
EPSS
0.5%
top 32.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 11
Latest update: May 13
Description
In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 7 packages
Vulnerability Details (2)
GHSA
GHSA-cx2r-fxw7-w76f: In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not (2022-05-13)
CVEList
CVE-2018-5174: In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not (2018-06-11)
Vendor Advisories (2)
Community (1)
Bugzilla
CVE-2018-5174 Mozilla: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update (2018-05-09)