CVE-2018-5172: XSS
First published: Wed May 09 2018(Updated: )
Last updated 24 July 2024
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <60 | 60 |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| Canonical Ubuntu Linux | =18.04 | |
| Mozilla Firefox | <60.0 | |
| debian/firefox | 130.0.1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1436482
- https://www.mozilla.org/security/advisories/mfsa2018-11/
- https://usn.ubuntu.com/3645-1/
- http://www.securityfocus.com/bid/104139
- http://www.securitytracker.com/id/1040896
- https://launchpad.net/bugs/cve/CVE-2018-5172
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5172
- https://security-tracker.debian.org/tracker/CVE-2018-5172
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5172
- https://nvd.nist.gov/vuln/detail/CVE-2018-5172
- https://ubuntu.com/security/CVE-2018-5172
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-5154
- CVE-2018-5155
- CVE-2018-5157
- CVE-2018-5158
- CVE-2018-5159
- CVE-2018-5160
- CVE-2018-5152
- CVE-2018-5153
- CVE-2018-5163
- CVE-2018-5164
- CVE-2018-5166
- CVE-2018-5167
- CVE-2018-5168
- CVE-2018-5169
- CVE-2018-5172
- CVE-2018-5173
- CVE-2018-5174
- CVE-2018-5175
- CVE-2018-5176
- CVE-2018-5177
- CVE-2018-5165
- CVE-2018-5180
- CVE-2018-5181
- CVE-2018-5182
- CVE-2018-5179
- CVE-2018-5151
- CVE-2018-5150
Frequently Asked Questions
What is CVE-2018-5172?
CVE-2018-5172 is a vulnerability that allows the execution of injected script content when a user pastes script from the clipboard into the Live Bookmarks page or the PDF viewer in Firefox.
Who is affected by CVE-2018-5172?
Users of Mozilla Firefox versions up to 60.0 and Ubuntu Linux versions 14.04, 16.04, 17.10, and 18.04 with Firefox versions up to 60.0 are affected.
What is the severity of CVE-2018-5172?
CVE-2018-5172 has a severity rating of medium.
How can I protect myself from CVE-2018-5172?
Update your Mozilla Firefox to version 60.0 or later and ensure that you are using the latest version of Ubuntu Linux.
Where can I get more information about CVE-2018-5172?
You can find more information about CVE-2018-5172 on the Mozilla Bugzilla, Mozilla Security Advisories, and SecurityFocus websites.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/mozilla
- canonical/mozilla firefox
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- version/canonical ubuntu linux/18.04
- package-manager/debian