Unrated severity · NVD Advisory · Published Jun 11, 2018 · Updated Aug 5, 2024
CVE-2018-5176
Description
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript embedded as "javascript:" links, users may be tricked into clicking them and running this code in the context of the JSON Viewer. This can allow the theft of cookies and authorization tokens that are accessible to that context. This vulnerability affects Firefox < 60.
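The linkification decision described above, as an added example that is not Firefox's JSON Viewer code: a "parses as a URL" rule next to a scheme allowlist, run over a constructed JSON document. The function names and the choice of `http:`/`https:` as the allowlist are assumptions made for illustration.

```javascript
// Added illustration; names and the allowlist are assumptions, not Firefox code.
const SAFE_LINK_SCHEMES = new Set(["http:", "https:"]);

// Behaviour the advisory describes: any string that parses as a URL becomes a link.
function isLinkNaive(value) {
  try { new URL(value); return true; } catch { return false; }
}

// Hardened rule: parse first, then allow only schemes that cannot run script on click.
// URL parsing lowercases the scheme and strips surrounding whitespace, so the
// comparison is made on the normalised protocol, not on the raw string prefix.
function isLinkSafe(value) {
  if (typeof value !== "string") return false;
  let url;
  try { url = new URL(value); } catch { return false; }
  return SAFE_LINK_SCHEMES.has(url.protocol);
}

// Walk a parsed JSON document and record how each policy treats every string leaf.
function classifyStrings(node, path = "$", out = []) {
  if (typeof node === "string") {
    out.push({ path, value: node, naive: isLinkNaive(node), safe: isLinkSafe(node) });
  } else if (Array.isArray(node)) {
    node.forEach((v, i) => classifyStrings(v, `${path}[${i}]`, out));
  } else if (node !== null && typeof node === "object") {
    for (const [k, v] of Object.entries(node)) classifyStrings(v, `${path}.${k}`, out);
  }
  return out;
}

// Strings the naive rule renders clickable but the allowlist renders as plain text.
function riskyLinks(jsonText) {
  return classifyStrings(JSON.parse(jsonText)).filter((r) => r.naive && !r.safe);
}

// Constructed sample document (not taken from the advisory).
const SAMPLE = JSON.stringify({
  docs: "https://example.com/api",
  note: "plain text",
  items: ["JavaScript:void(0)", " javascript:void(0)", "data:text/html,hi"],
});

console.log(riskyLinks(SAMPLE).map((r) => `${r.path} -> ${JSON.stringify(r.value)}`));
```

A prefix check on the raw string (for example `value.startsWith("javascript:")`) would miss the mixed-case and leading-space entries in the sample, which is why the check is made on the parsed protocol.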
Affected products
23
- osv-coords (22 versions):
  - pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/MozillaFirefox&distro=HPE%20Helion%20OpenStack%208
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%205
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%208
  - pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 128.5.1-1.1 + 21 more
- (no CPE) range: < 128.5.1-1.1
- (no CPE) range: < 92.0-1.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- (no CPE) range: < 68.2.0-109.95.2
- Range: unspecified
Patches
0: No patches discovered yet.
References
5
- usn.ubuntu.com/3645-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.securityfocus.com/bid/104139 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1040896 (mitre, vdb-entry, x_refsource_SECTRACK)
- bugzilla.mozilla.org/show_bug.cgi (mitre, x_refsource_CONFIRM)
- www.mozilla.org/security/advisories/mfsa2018-11/ (mitre, x_refsource_CONFIRM)