vulnerability

Ubuntu: (Multiple Advisories) (CVE-2018-5143): Firefox vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	2018-03-14	2018-04-26	2024-11-27

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

2018-03-14

Added

2018-04-26

Modified

2024-11-27

Description

URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox

Solution

ubuntu-upgrade-firefox

References

CVE-2018-5143
https://attackerkb.com/topics/CVE-2018-5143
NVD-CVE-2018-5143
UBUNTU-USN-3596-1
UBUNTU-USN-3596-2

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today