Home

CVE-2018-5157

Description

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.587

Associated Vulnerability

VulnerabilityOS Platform
Updates for Mozilla Firefox (60.0)Windows
Updates for Mozilla Firefox ESR (52.8.0)Windows
Updates for Mozilla Firefox (x64) (60.0)Windows
Updates for Mozilla Firefox ESR (x64) (52.8.0)Windows
Updates for Mozilla Firefox (60.0.1)Windows
Updates for Mozilla Firefox (x64) (60.0.1)Windows
Updates for Mozilla Firefox (60.0.2)Windows
Updates for Mozilla Firefox ESR (52.8.1)Windows
Updates for Mozilla Firefox (x64) (60.0.2)Windows
Updates for Mozilla Firefox ESR (x64) (52.8.1)Windows
Updates for Mozilla Firefox ESR (60.0.2)Windows
Updates for Mozilla Firefox ESR (x64) (60.0.2)Windows
Mozilla Firefox ESR (60.1.0)Windows
Mozilla Firefox ESR (x64) (60.1.0)Windows
Mozilla Firefox ESR (60.2.0)Windows
Mozilla Firefox ESR (x64) (60.2.0)Windows
Mozilla Firefox ESR (60.2.1)Windows
Mozilla Firefox ESR (x64) (60.2.1)Windows
Mozilla Firefox ESR (60.2.2)Windows
Mozilla Firefox ESR (x64) (60.2.2)Windows
Mozilla Firefox ESR (60.3.0)Windows
Mozilla Firefox ESR (x64) (60.3.0)Windows
Mozilla Firefox ESR (60.5.0)Windows
Mozilla Firefox ESR (60.5.1)Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.1)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.2)Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 52.7.4Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 52.7.4Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 52.8Mac
firefox-esr security update(DSA-4199-1) firefox-esr_52.8.0esr-1~deb8u1_i386.debLinux
firefox-esr security update(DSA-4199-1) firefox-esr_52.8.0esr-1~deb8u1_amd64.debLinux
firefox-esr security update(DSA-4199-1) firefox-esr_52.8.0esr-1~deb9u1_i386.debLinux
firefox-esr security update(DSA-4199-1) firefox-esr_52.8.0esr-1~deb9u1_amd64.debLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-68.2.0-109.95.2.x86_64.rpmLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-68.2.0-109.95.2.x86_64.rpmLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-68.2.0-109.95.2.x86_64.rpmLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-68.2.0-109.95.2.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-307502Updates for Mozilla Firefox (60.0)
PATCH-307503Updates for Mozilla Firefox ESR (52.8.0)
PATCH-307506Updates for Mozilla Firefox (x64) (60.0)
PATCH-307508Updates for Mozilla Firefox ESR (x64) (52.8.0)
PATCH-307537Updates for Mozilla Firefox (60.0.1)
PATCH-307542Updates for Mozilla Firefox (x64) (60.0.1)
PATCH-307642Updates for Mozilla Firefox (60.0.2)
PATCH-307643Updates for Mozilla Firefox ESR (52.8.1)
PATCH-307646Updates for Mozilla Firefox (x64) (60.0.2)
PATCH-307647Updates for Mozilla Firefox ESR (x64) (52.8.1)
PATCH-307736Updates for Mozilla Firefox ESR (60.0.2)
PATCH-307744Updates for Mozilla Firefox ESR (x64) (60.0.2)
PATCH-307747Mozilla Firefox ESR (60.1.0)
PATCH-307748Mozilla Firefox ESR (x64) (60.1.0)
PATCH-308027Mozilla Firefox ESR (60.2.0)
PATCH-308035Mozilla Firefox ESR (x64) (60.2.0)
PATCH-308123Mozilla Firefox ESR (60.2.1)
PATCH-308125Mozilla Firefox ESR (x64) (60.2.1)
PATCH-308181Mozilla Firefox ESR (60.2.2)
PATCH-308183Mozilla Firefox ESR (x64) (60.2.2)
PATCH-308289Mozilla Firefox ESR (60.3.0)
PATCH-308293Mozilla Firefox ESR (x64) (60.3.0)
PATCH-308876Mozilla Firefox ESR (60.5.0)
PATCH-308982Mozilla Firefox ESR (60.5.1)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234