CVE-2018-5124
Description
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.557
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2018-5124 are affected in Mozilla Firefox 58.0 | Windows |
| Vulnerabilities CVE-2018-5124 are fixed in Update for Mozilla Firefox For Mac (58.0.1) | Mac |
| Vulnerabilities CVE-2018-5089,CVE-2018-5124 are affected in Mozilla Firefox for Mac 58.0 | Mac |
| Mozilla Open Source web browser (USN-3552-1) firefox_58.0.1+build1-0ubuntu0.14.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3552-1) firefox_58.0.1+build1-0ubuntu0.14.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-3552-1) firefox_58.0.1+build1-0ubuntu0.16.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3552-1) firefox_58.0.1+build1-0ubuntu0.16.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-3552-1) firefox_58.0.1+build1-0ubuntu0.17.10.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3552-1) firefox_58.0.1+build1-0ubuntu0.17.10.1_amd64.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-343015 | Mozilla Firefox (132.0.2) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234