4.3

CVE-2018-5167

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
CanonicalUbuntu Linux Version18.04 SwEditionlts
MozillaFirefox Version < 60.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.44% 0.698
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1040896
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/3645-1/
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-11/
Vendor Advisory
http://www.securityfocus.com/bid/104139
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1447969
Vendor Advisory
Issue Tracking
Permissions Required