CVE-2018-5172

Name
CVE-2018-5172
Description
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-11/
Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=1436482
Third Party Advisory https://usn.ubuntu.com/3645-1/
Third Party Advisory http://www.securitytracker.com/id/1040896
Third Party Advisory http://www.securityfocus.com/bid/104139

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* ubuntu_linux == None == 18.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* ubuntu_linux == None == 16.04
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* ubuntu_linux == None == 17.10
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* ubuntu_linux == None == 14.04

Vulnerable and fixed packages

Source package Branch Version Maintainer Status