Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2018-5158

Published: 11/06/2018 Updated: 13/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Debian

Vulnerability Summary

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 9.0

debian debian linux 7.0

debian debian linux 8.0

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server eus 7.5

redhat enterprise linux server tus 7.6

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 7.6

redhat enterprise linux server 6.0

redhat enterprise linux server eus 7.6

mozilla firefox

mozilla firefox esr

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

canonical ubuntu linux 18.04

Vendor Advisories

Red Hat: CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file This JavaScript can then be run with the permissions of the PDF viewer by its worker This vulnerability affects Firefox ESR &lt; 528 and Firefox &lt; 60 ...
Arch Linux Issues:
A insufficient sanitization of Postscript calculator functions vulnerability has been found in the PDF viewer of Firefox &lt; 600, allowing malicious JavaScript to be injected through a crafted PDF file This JavaScript can then be run with the permissions of the PDF viewer by its worker ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Debian CVElist Bug Report Logs: gitlab: CVE-2018-5158 CVE-2019-10109 CVE-2019-10110 CVE-2019-10111 CVE-2019-10113 CVE-2019-10115 CVE-2019-10116 CVE-2019-10640
Debian Bug report logs - #926482 gitlab: CVE-2018-5158 CVE-2019-10109 CVE-2019-10110 CVE-2019-10111 CVE-2019-10113 CVE-2019-10115 CVE-2019-10116 CVE-2019-10640 Package: src:gitlab; Maintainer for src:gitlab is Debian Ruby Extras Maintainers &lt;pkg-ruby-extras-maintainers@listsaliothdebianorg&gt;; Reported by: Salvatore Bonaccor ...
Mozilla: Mozilla Foundation Security Advisory 2018-12
Security vulnerabilities fixed in Firefox ESR 528 Announced May 9, 2018 Impact critical Products Firefox ESR Fixed in Firefox ESR 528 ...
Mozilla: Security vulnerabilities fixed in Firefox ESR 52.8
Mozilla Foundation Security Advisory 2018-12 Security vulnerabilities fixed in Firefox ESR 528 Announced May 9, 2018 Impact critical Products Firefox ESR Fixed in Firefox ESR 528 ...
Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Ubuntu Security Notice: firefox regression
USN-3645-1 caused a regression in Firefox ...
Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018
Oracle Solaris Third Party Bulletin - April 2018 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical ...
Arch Linux Advisories: [ASA-201805-10] firefox: multiple issues
Arch Linux Security Advisory ASA-201805-10 ========================================== Severity: Critical Date : 2018-05-13 CVE-ID : CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5166 C ...
Mozilla: Mozilla Foundation Security Advisory 2018-11
Security vulnerabilities fixed in Firefox 60 Announced May 9, 2018 Impact critical Products Firefox Fixed in Firefox 60 ...
Mozilla: Security vulnerabilities fixed in Firefox 60
Mozilla Foundation Security Advisory 2018-11 Security vulnerabilities fixed in Firefox 60 Announced May 9, 2018 Impact critical Products Firefox Fixed in Firefox 60 ...
Oracle Linux Bulletins: Oracle Linux Bulletin - April 2018
Oracle Linux Bulletin - April 2018 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical P ...

Github Repositories

Bug_Bounty_Reports

Summary of almost all paid bounty reports on H1

Public Bug Bounty Reports Since ~2020 Open for contributions from others as well, so please send a pull request if you can! Content raw Markdown HTML Rendered Markdown HTML # Category Description Bounty Program URL 1 IDOR IDOR for order delivery address $3000 Mailru hackeronecom/reports/723461 2 IDOR IDOR to change API-key description $250 Visma h

web-translate

支持pdf和web的双击划词翻译脚本,当前使用爱词霸公共api

1 关于 双击划词翻译,浏览器脚本插件,支持PDF和普通网页 使用国内优秀翻译软件iCIBA的即划即译功能,并使用了优秀的开源项目PDFjs firefox扩展: Web-Translate-firefox chrome扩展: Web-Translate-chrome 2018/06/12 功能更新: 添加右键打开本地PDF的功能,支持Chrome和Firefox,自动加载取词脚本 2018/08/09 公告

CVE-T4PDF CVEs and Techniques used PDF as an attack vector Table of contents List of CVEs List of Techniques List of CVEs Name Description PoC CVE-2022-30775 xpdf 404 allocates excessive memory when presented with crafted input This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary It is most easily reproduced with the DCMAKE

References

CWE-94https://www.mozilla.org/security/advisories/mfsa2018-12/https://www.mozilla.org/security/advisories/mfsa2018-11/https://bugzilla.mozilla.org/show_bug.cgi?id=1452075https://www.debian.org/security/2018/dsa-4199https://usn.ubuntu.com/3645-1/https://lists.debian.org/debian-lts-announce/2018/05/msg00007.htmlhttps://access.redhat.com/errata/RHSA-2018:1415https://access.redhat.com/errata/RHSA-2018:1414http://www.securitytracker.com/id/1040896http://www.securityfocus.com/bid/104136https://security.gentoo.org/glsa/201810-01https://github.com/pwnpanda/Bug_Bounty_Reportshttps://nvd.nist.govhttps://www.securityfocus.com/bid/104136https://access.redhat.com/security/cve/cve-2018-5158https://security.archlinux.org/CVE-2018-5158https://usn.ubuntu.com/3645-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2023-21068CVE-2023-21077unspecifiedCVE-2023-21070CVE-2023-21016file upload
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook