CVE-2018-5165
Description
In 32-bit versions of Firefox, the Adobe Flash plugin setting for Enable Adobe Flash protected mode is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.769
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Updates for Mozilla Firefox (60.0) | Windows |
| Updates for Mozilla Firefox (x64) (60.0) | Windows |
| Updates for Mozilla Firefox (60.0.1) | Windows |
| Updates for Mozilla Firefox (x64) (60.0.1) | Windows |
| Updates for Mozilla Firefox (60.0.2) | Windows |
| Updates for Mozilla Firefox (x64) (60.0.2) | Windows |
| Updates for Mozilla Firefox ESR (60.0.2) | Windows |
| Updates for Mozilla Firefox ESR (x64) (60.0.2) | Windows |
| Mozilla Firefox ESR (60.1.0) | Windows |
| Mozilla Firefox ESR (x64) (60.1.0) | Windows |
| Mozilla Firefox ESR (60.2.0) | Windows |
| Mozilla Firefox ESR (x64) (60.2.0) | Windows |
| Mozilla Firefox ESR (60.2.1) | Windows |
| Mozilla Firefox ESR (x64) (60.2.1) | Windows |
| Mozilla Firefox ESR (60.2.2) | Windows |
| Mozilla Firefox ESR (x64) (60.2.2) | Windows |
| Mozilla Firefox ESR (60.3.0) | Windows |
| Mozilla Firefox ESR (x64) (60.3.0) | Windows |
| Mozilla Firefox ESR (60.5.0) | Windows |
| Mozilla Firefox ESR (60.5.1) | Windows |
| Vulnerabilities CVE-2018-5165 are affected in Mozilla Firefox (x64) 59.99 | Windows |
| Vulnerabilities CVE-2018-5165 are affected in Mozilla_Firefox 59.99 | Windows |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.1) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.2) | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac * | Mac |
| SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-68.2.0-109.95.2.x86_64.rpm | Linux |
| SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-68.2.0-109.95.2.x86_64.rpm | Linux |
| SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-68.2.0-109.95.2.x86_64.rpm | Linux |
| SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-68.2.0-109.95.2.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-307502 | Updates for Mozilla Firefox (60.0) |
| PATCH-307506 | Updates for Mozilla Firefox (x64) (60.0) |
| PATCH-307537 | Updates for Mozilla Firefox (60.0.1) |
| PATCH-307542 | Updates for Mozilla Firefox (x64) (60.0.1) |
| PATCH-307642 | Updates for Mozilla Firefox (60.0.2) |
| PATCH-307646 | Updates for Mozilla Firefox (x64) (60.0.2) |
| PATCH-307736 | Updates for Mozilla Firefox ESR (60.0.2) |
| PATCH-307744 | Updates for Mozilla Firefox ESR (x64) (60.0.2) |
| PATCH-307747 | Mozilla Firefox ESR (60.1.0) |
| PATCH-307748 | Mozilla Firefox ESR (x64) (60.1.0) |
| PATCH-308027 | Mozilla Firefox ESR (60.2.0) |
| PATCH-308035 | Mozilla Firefox ESR (x64) (60.2.0) |
| PATCH-308123 | Mozilla Firefox ESR (60.2.1) |
| PATCH-308125 | Mozilla Firefox ESR (x64) (60.2.1) |
| PATCH-308181 | Mozilla Firefox ESR (60.2.2) |
| PATCH-308183 | Mozilla Firefox ESR (x64) (60.2.2) |
| PATCH-308289 | Mozilla Firefox ESR (60.3.0) |
| PATCH-308293 | Mozilla Firefox ESR (x64) (60.3.0) |
| PATCH-308876 | Mozilla Firefox ESR (60.5.0) |
| PATCH-308982 | Mozilla Firefox ESR (60.5.1) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234