Home

CVE-2018-5176

Description

The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file contains malicious JavaScript script embedded as javascript: links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.387

Associated Vulnerability

VulnerabilityOS Platform
Updates for Mozilla Firefox (60.0)Windows
Updates for Mozilla Firefox (x64) (60.0)Windows
Updates for Mozilla Firefox (60.0.1)Windows
Updates for Mozilla Firefox (x64) (60.0.1)Windows
Updates for Mozilla Firefox (60.0.2)Windows
Updates for Mozilla Firefox (x64) (60.0.2)Windows
Updates for Mozilla Firefox ESR (60.0.2)Windows
Updates for Mozilla Firefox ESR (x64) (60.0.2)Windows
Mozilla Firefox ESR (60.1.0)Windows
Mozilla Firefox ESR (x64) (60.1.0)Windows
Mozilla Firefox ESR (60.2.0)Windows
Mozilla Firefox ESR (x64) (60.2.0)Windows
Mozilla Firefox ESR (60.2.1)Windows
Mozilla Firefox ESR (x64) (60.2.1)Windows
Mozilla Firefox ESR (60.2.2)Windows
Mozilla Firefox ESR (x64) (60.2.2)Windows
Mozilla Firefox ESR (60.3.0)Windows
Mozilla Firefox ESR (x64) (60.3.0)Windows
Mozilla Firefox ESR (60.5.0)Windows
Mozilla Firefox ESR (60.5.1)Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.1)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (60.0.2)Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60Mac
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-68.2.0-109.95.2.x86_64.rpmLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-68.2.0-109.95.2.x86_64.rpmLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-68.2.0-109.95.2.x86_64.rpmLinux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-68.2.0-109.95.2.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-307502Updates for Mozilla Firefox (60.0)
PATCH-307506Updates for Mozilla Firefox (x64) (60.0)
PATCH-307537Updates for Mozilla Firefox (60.0.1)
PATCH-307542Updates for Mozilla Firefox (x64) (60.0.1)
PATCH-307642Updates for Mozilla Firefox (60.0.2)
PATCH-307646Updates for Mozilla Firefox (x64) (60.0.2)
PATCH-307736Updates for Mozilla Firefox ESR (60.0.2)
PATCH-307744Updates for Mozilla Firefox ESR (x64) (60.0.2)
PATCH-307747Mozilla Firefox ESR (60.1.0)
PATCH-307748Mozilla Firefox ESR (x64) (60.1.0)
PATCH-308027Mozilla Firefox ESR (60.2.0)
PATCH-308035Mozilla Firefox ESR (x64) (60.2.0)
PATCH-308123Mozilla Firefox ESR (60.2.1)
PATCH-308125Mozilla Firefox ESR (x64) (60.2.1)
PATCH-308181Mozilla Firefox ESR (60.2.2)
PATCH-308183Mozilla Firefox ESR (x64) (60.2.2)
PATCH-308289Mozilla Firefox ESR (60.3.0)
PATCH-308293Mozilla Firefox ESR (x64) (60.3.0)
PATCH-308876Mozilla Firefox ESR (60.5.0)
PATCH-308982Mozilla Firefox ESR (60.5.1)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234