Medium severity4.3NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2018-5108
CVE-2018-5108
Description
A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<58+ 1 more
- (no CPE)range: <58
- (no CPE)range: unspecified
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/102786nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040270nvdThird Party AdvisoryVDB Entry
- usn.ubuntu.com/3544-1/nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2018-02/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions Required
News mentions
0No linked articles in our index yet.