Published: 11/06/2018 Updated: 13/03/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux server tus 7.6
redhat enterprise linux server aus 7.6
redhat enterprise linux server eus 7.6
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux desktop 6.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server eus 7.5
debian debian linux 8.0
debian debian linux 9.0
debian debian linux 7.0
canonical ubuntu linux 17.10
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04
mozilla firefox
mozilla firefox esr

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

USN-3645-1 caused a regression in Firefox ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website This vulnerability affects Firefox ESR < 528 and Firefox < 60 ...

A same-origin policy bypass vulnerability has been found in the PDF viewer of Firefox < 600, allowing a malicious site to intercept messages meant for the viewer This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website ...

Mozilla Foundation Security Advisory 2018-11 Security vulnerabilities fixed in Firefox 60 Announced May 9, 2018 Impact critical Products Firefox Fixed in Firefox 60 ...

Mozilla Foundation Security Advisory 2018-12 Security vulnerabilities fixed in Firefox ESR 528 Announced May 9, 2018 Impact critical Products Firefox ESR Fixed in Firefox ESR 528 ...

CWE-200 CWE-346 https://www.mozilla.org/security/advisories/mfsa2018-12/https://www.mozilla.org/security/advisories/mfsa2018-11/https://bugzilla.mozilla.org/show_bug.cgi?id=1449898 https://www.debian.org/security/2018/dsa-4199 https://usn.ubuntu.com/3645-1/https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1414 http://www.securitytracker.com/id/1040896 http://www.securityfocus.com/bid/104136 https://security.gentoo.org/glsa/201810-01 https://access.redhat.com/errata/RHSA-2018:1414 https://nvd.nist.gov https://usn.ubuntu.com/3645-2/

CVE-2018-5157

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect