QwikSec

Security Database

CVE

CWE

Training

CVE-2018-5133

Published: Jun 11, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.

Vendor	Product	Versions
Mozilla	Firefox	affected `unspecified - < 59`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1430974

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_UBUNTU

https://www.mozilla.org/security/advisories/mfsa2018-06/

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=1430511

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.