CVE-2018-5157
11.06.2018, 21:29
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 18.04 |
| mozilla | firefox | 𝑥 < 52.8.0 |
| mozilla | firefox | 𝑥 < 60.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mozilla | firefox_esr | 𝑥 < 52.8 | CNA |
| mozilla | firefox_esr | 𝑥 < 60 | CNA |
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MozillaFirefox |
| ||||||||||||||||||||||||||||||||||||||||||
| MozillaFirefox-devel |
| ||||||||||||||||||||||||||||||||||||||||||
| MozillaFirefox-translations-common |
| ||||||||||||||||||||||||||||||||||||||||||
| MozillaFirefox-translations-other |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
References