Lucene search
PRIOn knowledge basePRION:CVE-2018-5175HistoryJun 11, 2018 - 9:29 p.m.
Design/Logic Flaw
2018-06-1121:29:00
PRIOn knowledge base
www.prio-n.com
10
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a “script-src” policy of “‘strict-dynamic’”. If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the “require.js” library that is part of Firefox’s Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.
Related
ubuntucve
ubuntucve
CVE-2018-5175
2018-05-11 00:00:00
redhatcve
redhatcve
CVE-2018-5175
2018-05-10 06:19:34
debiancve
debiancve
CVE-2018-5175
2018-06-11 21:29:16
cve
cve
CVE-2018-5175
2018-06-11 21:29:16
nvd
nvd
CVE-2018-5175
2018-06-11 21:29:16
cvelist
cvelist
CVE-2018-5175
2018-06-11 21:00:00
ubuntu
ubuntu
Firefox regression
2018-05-18 00:00:00
Firefox vulnerabilities
2018-05-11 00:00:00
nessus
nessus
Mozilla Firefox < 60 Multiple Critical Vulnerabilities
2018-05-17 00:00:00
Mozilla Firefox < 60 Multiple Critical Vulnerabilities (macOS)
2018-05-17 00:00:00
openvas
openvas
Mozilla Firefox Security Advisories (MFSA2018-11, MFSA2018-12) - Windows
2018-05-11 00:00:00
Mozilla Firefox Security Advisories (MFSA2018-11, MFSA2018-12) - Mac OS X
2018-05-11 00:00:00
Ubuntu: Security Advisory (USN-3645-1)
2018-05-12 00:00:00
archlinux
archlinux
[ASA-201805-10] firefox: multiple issues
2018-05-13 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox 60 — Mozilla
2018-05-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 60.0.1-alt1
2018-06-05 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2018-05-09 00:00:00
kaspersky
kaspersky
KLA11246 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2018-05-09 00:00:00