
CVE-2018-5176

Published: 11/06/2018 Updated: 03/08/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript embedded as "javascript:" links, users may be tricked into clicking them and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60.
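The linkification flaw described above, as an added example that is not Firefox's JSON Viewer code: a naive "parses as a URL" check beside a check that allowlists the parsed scheme. The function names, the http/https allowlist and the sample document are assumptions constructed for illustration.

```javascript
// Added example; all names are hypothetical, not taken from Firefox.
// Assumption: only http(s) values should ever become clickable links.
const SAFE_SCHEMES = new Set(["http:", "https:"]);

// Behaviour the summary describes: any string that parses as a URL
// is treated as a link, whatever its scheme.
function isLinkNaive(value) {
  try {
    new URL(value);
    return true;
  } catch {
    return false;
  }
}

// Hardened check: parse first, then allowlist the *parsed* scheme.
// The URL parser lowercases the scheme and strips surrounding
// whitespace, which a raw string-prefix test would not account for.
function isLinkSafe(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return false;
  }
  return SAFE_SCHEMES.has(url.protocol);
}

// Walk a parsed JSON document and report each string the naive check
// would linkify, with the hardened verdict next to it.
function auditLinks(node, path = "$", out = []) {
  if (typeof node === "string") {
    if (isLinkNaive(node)) out.push({ path, value: node, safe: isLinkSafe(node) });
  } else if (Array.isArray(node)) {
    node.forEach((v, i) => auditLinks(v, `${path}[${i}]`, out));
  } else if (node !== null && typeof node === "object") {
    for (const [k, v] of Object.entries(node)) auditLinks(v, `${path}.${k}`, out);
  }
  return out;
}

// Constructed sample document (harmless placeholder values).
const SAMPLE = JSON.parse(`{
  "homepage": "https://example.com/docs",
  "profile": "javascript:void(0)",
  "mixedCase": "JaVaScRiPt:void(0)",
  "padded": "  javascript:void(0)",
  "note": "plain text"
}`);
```

Running `auditLinks(SAMPLE)` lists four values the naive check would render as links; only `$.homepage` passes the scheme allowlist.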

Vulnerable Product

canonical ubuntu linux 18.04

canonical ubuntu linux 17.10

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

mozilla firefox

Vendor Advisories

USN-3645-1 caused a regression in Firefox ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorizatio ...
Mozilla Foundation Security Advisory 2018-11: Security vulnerabilities fixed in Firefox 60. Announced: May 9, 2018. Impact: critical. Products: Firefox. Fixed in: Firefox 60 ...
The JSON Viewer in Firefox before 60.0 displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file contains malicious JavaScript script embedded as javascript: links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cooki ...