CVE-2018-5106: Infoleak
First published: Tue Jan 23 2018(Updated: )
Last updated 24 July 2024
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <58 | 58 |
| Mozilla Firefox | <=57.0.4 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| debian/firefox | 131.0.2-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1408708
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://usn.ubuntu.com/3544-1/
- http://www.securityfocus.com/bid/102786
- http://www.securitytracker.com/id/1040270
- https://launchpad.net/bugs/cve/CVE-2018-5106
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5106
- https://security-tracker.debian.org/tracker/CVE-2018-5106
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5106
- https://nvd.nist.gov/vuln/detail/CVE-2018-5106
- https://ubuntu.com/security/CVE-2018-5106
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-5091
- CVE-2018-5092
- CVE-2018-5093
- CVE-2018-5094
- CVE-2018-5095
- CVE-2018-5097
- CVE-2018-5098
- CVE-2018-5099
- CVE-2018-5100
- CVE-2018-5101
- CVE-2018-5102
- CVE-2018-5103
- CVE-2018-5104
- CVE-2018-5105
- CVE-2018-5106
- CVE-2018-5107
- CVE-2018-5108
- CVE-2018-5109
- CVE-2018-5110
- CVE-2018-5111
- CVE-2018-5112
- CVE-2018-5113
- CVE-2018-5114
- CVE-2018-5115
- CVE-2018-5116
- CVE-2018-5117
- CVE-2018-5118
- CVE-2018-5119
- CVE-2018-5121
- CVE-2018-5122
- CVE-2018-5090
- CVE-2018-5089
Frequently Asked Questions
What is CVE-2018-5106?
CVE-2018-5106 is a vulnerability that allows style editor traffic in the Developer Tools to be routed through a service worker hosted on a third-party website, potentially leaking cross-origin information.
Which software is affected by CVE-2018-5106?
This vulnerability affects Firefox versions up to but excluding 58.0, as well as certain versions of the Firefox package in Ubuntu and Canonical Ubuntu Linux.
What is the severity of CVE-2018-5106?
CVE-2018-5106 has a severity level of medium, with a severity value of 5.3.
How can I fix CVE-2018-5106?
To fix CVE-2018-5106, you should update your Firefox browser to version 58.0 or later. Additionally, ensure that your Ubuntu or Canonical Ubuntu Linux system is updated to include the recommended versions of the Firefox package.
Where can I find more information about CVE-2018-5106?
You can find more information about CVE-2018-5106 in the following references: [https://bugzilla.mozilla.org/show_bug.cgi?id=1408708](https://bugzilla.mozilla.org/show_bug.cgi?id=1408708), [https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/](https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/), [https://www.mozilla.org/security/advisories/mfsa2018-02/](https://www.mozilla.org/security/advisories/mfsa2018-02/)
- collector/launchpad-cve
- source/Launchpad
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/57.0.4
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- package-manager/debian