CVE-2018-5143: XSS

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1422643
• https://www.mozilla.org/security/advisories/mfsa2018-06/
• https://usn.ubuntu.com/3596-1/
• http://www.securityfocus.com/bid/103386
• http://www.securitytracker.com/id/1040514
• https://launchpad.net/bugs/cve/CVE-2018-5143
• https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
• https://security-tracker.debian.org/tracker/CVE-2018-5143
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5143
• https://nvd.nist.gov/vuln/detail/CVE-2018-5143
• https://ubuntu.com/security/CVE-2018-5143

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2018-06

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2018-5127
• CVE-2018-5128
• CVE-2018-5129
• CVE-2018-5130
• CVE-2018-5131
• CVE-2018-5132
• CVE-2018-5133
• CVE-2018-5134
• CVE-2018-5135
• CVE-2018-5136
• CVE-2018-5137
• CVE-2018-5138
• CVE-2018-5140
• CVE-2018-5141
• CVE-2018-5142
• CVE-2018-5143
• CVE-2018-5126
• CVE-2018-5125

Frequently Asked Questions

• What is CVE-2018-5143?

  CVE-2018-5143 is a vulnerability in Mozilla Firefox where the protocol is not removed from a 'javascript:' URL if it contains a tab character, allowing the execution of scripts.

• What is the severity of CVE-2018-5143?

  The severity of CVE-2018-5143 is medium with a CVSS score of 6.1.

• Which software is affected by CVE-2018-5143?

  Mozilla Firefox versions up to and exclusive of 59.0, Canonical Ubuntu Linux 14.04, 16.04, and 17.10.

• How can I fix CVE-2018-5143 in Mozilla Firefox?

  Update Mozilla Firefox to version 59.0 or higher.

• Where can I find more information about CVE-2018-5143?

  You can find more information about CVE-2018-5143 at the following links: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1422643), [Mozilla Security Advisory](https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/), [SecurityFocus](http://www.securityfocus.com/bid/103386).