#VU12571 Information disclosure in Mozilla Firefox - CVE-2018-5181

Cybersecurity Help s.r.o.

Published: 2018-05-10

Vulnerability identifier: #VU12571

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5181

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mozilla Firefox
Client/Desktop applications / Web browsers

Vendor: Mozilla

Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper privileges or access controls. A remote attacker can drag and drop a URL using the file: protocol onto an open tab that is running in a different child process and cause the system to display local files in tabs or the hyperlink.

Mitigation
Update to version 60.0.

Vulnerable software versions

Mozilla Firefox: 59.0 - 59.0.2

External links
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Arch Linux update for firefox

Multiple vulnerabilities in Mozilla Firefox