CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
87.0%
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash or opening new tabs, escape the sandbox, bypass same-origin
restrictions, obtain sensitive information, confuse the user with
misleading permission requests, or execute arbitrary code. (CVE-2018-5125,
CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130,
CVE-2018-5136, CVE-2018-5137, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142)
It was discovered that the fetch() API could incorrectly return cached
copies of no-store/no-cache resources in some circumstances. A local
attacker could potentially exploit this to obtain sensitive information in
environments where multiple users share a common profile. (CVE-2018-5131)
Multiple security issues were discovered with WebExtensions. If a user
were tricked in to installing a specially crafted extension, an attacker
could potentially exploit these to obtain sensitive information or bypass
security restrictions. (CVE-2018-5132, CVE-2018-5134, CVE-2018-5135)
It was discovered that the value of app.support.baseURL is not sanitized
properly. If a malicious local application were to set this to a specially
crafted value, an attacker could potentially exploit this to execute
arbitrary code. (CVE-2018-5133)
It was discovered that javascript: URLs with embedded tab characters could
be pasted in to the addressbar. If a user were tricked in to copying a
specially crafted URL in to the addressbar, an attacker could exploit this
to conduct cross-site scripting (XSS) attacks. (CVE-2018-5143)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 17.10 | noarch | firefox | < 59.0+build5-0ubuntu0.17.10.1 | UNKNOWN |
Ubuntu | 17.10 | noarch | firefox-dbg | < 59.0+build5-0ubuntu0.17.10.1 | UNKNOWN |
Ubuntu | 17.10 | noarch | firefox-dev | < 59.0+build5-0ubuntu0.17.10.1 | UNKNOWN |
Ubuntu | 17.10 | noarch | firefox-globalmenu | < 59.0+build5-0ubuntu0.17.10.1 | UNKNOWN |
Ubuntu | 17.10 | noarch | firefox-locale-af | < 59.0+build5-0ubuntu0.17.10.1 | UNKNOWN |
Ubuntu | 17.10 | noarch | firefox-locale-an | < 59.0+build5-0ubuntu0.17.10.1 | UNKNOWN |
Ubuntu | 17.10 | noarch | firefox-locale-ar | < 59.0+build5-0ubuntu0.17.10.1 | UNKNOWN |
Ubuntu | 17.10 | noarch | firefox-locale-as | < 59.0+build5-0ubuntu0.17.10.1 | UNKNOWN |
Ubuntu | 17.10 | noarch | firefox-locale-ast | < 59.0+build5-0ubuntu0.17.10.1 | UNKNOWN |
Ubuntu | 17.10 | noarch | firefox-locale-az | < 59.0+build5-0ubuntu0.17.10.1 | UNKNOWN |
ubuntu.com/security/CVE-2018-5125
ubuntu.com/security/CVE-2018-5126
ubuntu.com/security/CVE-2018-5127
ubuntu.com/security/CVE-2018-5128
ubuntu.com/security/CVE-2018-5129
ubuntu.com/security/CVE-2018-5130
ubuntu.com/security/CVE-2018-5131
ubuntu.com/security/CVE-2018-5132
ubuntu.com/security/CVE-2018-5133
ubuntu.com/security/CVE-2018-5134
ubuntu.com/security/CVE-2018-5135
ubuntu.com/security/CVE-2018-5136
ubuntu.com/security/CVE-2018-5137
ubuntu.com/security/CVE-2018-5140
ubuntu.com/security/CVE-2018-5141
ubuntu.com/security/CVE-2018-5142
ubuntu.com/security/CVE-2018-5143
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
87.0%