vulnerability

SUSE: CVE-2018-5167: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	May 9, 2018	May 19, 2018	Feb 8, 2021

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

May 9, 2018

Added

May 19, 2018

Modified

Feb 8, 2021

Description

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60.

Solutions

suse-upgrade-mozillafirefoxsuse-upgrade-mozillafirefox-develsuse-upgrade-mozillafirefox-translations-commonsuse-upgrade-mozillafirefox-translations-other

References

SUSE-SUSE-SU-2019:2872-1
UBUNTU-USN-3645-1
UBUNTU-USN-3645-2
NVD-CVE-2018-5167

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report