Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. (CVE-2018-5150, CVE-2018-5151, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5168, CVE-2018-5173, CVE-2018-5175, CVE-2018-5177, CVE-2018-5180)
Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information, or bypass security restrictions. (CVE-2018-5152, CVE-2018-5166)
It was discovered that the web console and JavaScript debugger incorrectly linkified chrome: and javascript URLs. If a user were tricked in to clicking a specially crafted link, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5167)
It was discovered that dragging and dropping link text on to the home button could set the home page to include chrome pages. If a user were tricked in to dragging and dropping a specially crafted link on to the home button, an attacker could potentially exploit this bypass security restrictions. (CVE-2018-5169)
It was discovered that the Live Bookmarks page and PDF viewer would run script pasted from the clipboard. If a user were tricked in to copying and pasting specially crafted text, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5172)
It was discovered that the JSON viewer incorrectly linkified javascript: URLs. If a user were tricked in to clicking on a specially crafted link, an attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5176)
It was discovered that dragging a file: URL on to a tab that is running in a different process would cause the file to open in that process. If a user were tricked in to dragging a file: URL, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5181)
It was discovered that dragging text that is a file: URL on to the addressbar would open the specified file. If a user were tricked in to dragging specially crafted text on to the addressbar, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5182)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "60.0+build2-0ubuntu0.14.04.1", "binary_name": "firefox" }, { "binary_version": "60.0+build2-0ubuntu0.14.04.1", "binary_name": "firefox-dev" }, { "binary_version": "60.0+build2-0ubuntu0.14.04.1", "binary_name": "firefox-globalmenu" }, { "binary_version": "60.0+build2-0ubuntu0.14.04.1", "binary_name": "firefox-mozsymbols" }, { "binary_version": "60.0+build2-0ubuntu0.14.04.1", "binary_name": "firefox-testsuite" } ] }
{ "ecosystem": "Ubuntu:14.04:LTS", "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5150" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5151" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5152" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5153" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5154" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5155" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5157" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5158" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5159" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5160" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5163" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5164" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5166" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5167" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5168" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5169" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5172" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5173" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5175" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5176" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5177" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5180" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5181" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5182" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "60.0+build2-0ubuntu0.16.04.1", "binary_name": "firefox" }, { "binary_version": "60.0+build2-0ubuntu0.16.04.1", "binary_name": "firefox-dev" }, { "binary_version": "60.0+build2-0ubuntu0.16.04.1", "binary_name": "firefox-globalmenu" }, { "binary_version": "60.0+build2-0ubuntu0.16.04.1", "binary_name": "firefox-mozsymbols" }, { "binary_version": "60.0+build2-0ubuntu0.16.04.1", "binary_name": "firefox-testsuite" } ] }
{ "ecosystem": "Ubuntu:16.04:LTS", "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5150" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5151" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5152" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5153" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5154" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5155" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5157" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5158" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5159" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5160" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5163" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5164" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5166" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5167" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5168" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5169" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5172" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5173" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5175" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5176" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5177" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5180" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5181" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5182" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "60.0+build2-0ubuntu1", "binary_name": "firefox" }, { "binary_version": "60.0+build2-0ubuntu1", "binary_name": "firefox-dev" }, { "binary_version": "60.0+build2-0ubuntu1", "binary_name": "firefox-globalmenu" }, { "binary_version": "60.0+build2-0ubuntu1", "binary_name": "firefox-mozsymbols" }, { "binary_version": "60.0+build2-0ubuntu1", "binary_name": "firefox-testsuite" } ] }
{ "ecosystem": "Ubuntu:18.04:LTS", "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5150" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5151" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5152" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5153" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5154" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5155" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5157" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5158" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5159" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5160" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5163" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5164" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5166" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5167" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5168" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5169" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5172" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5173" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5175" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5176" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5177" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5180" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5181" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2018-5182" } ] }