First published: Wed May 09 2018
If manipulated hyperlinked text containing a "chrome:" URL is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <60 | 60 |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
Canonical Ubuntu Linux | =18.04 | |
Mozilla Firefox | <60.0 | |
debian/firefox | 131.0.2-2 |
The vulnerability ID for this issue is CVE-2018-5169.
This vulnerability affects Firefox versions prior to 60.
This vulnerability can be exploited by dragging and dropping manipulated hyperlinked text with a "chrome:" URL onto the home icon in Firefox.
The severity level of CVE-2018-5169 is medium.
Yes, upgrading Firefox to version 60 or later will fix this vulnerability.