SecuritySpace - CVE-2018-5167

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2018-5167

Description: The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-5167
BugTraq ID: 104139
http://www.securityfocus.com/bid/104139
http://www.securitytracker.com/id/1040896
https://usn.ubuntu.com/3645-1/

CVE ID:	CVE-2018-5167
Description:	The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2018-5167 BugTraq ID: 104139 http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://usn.ubuntu.com/3645-1/