SecuritySpace - CVE-2018-5176

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2018-5176

Description: The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-5176
BugTraq ID: 104139
http://www.securityfocus.com/bid/104139
http://www.securitytracker.com/id/1040896
https://usn.ubuntu.com/3645-1/

CVE ID:	CVE-2018-5176
Description:	The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2018-5176 BugTraq ID: 104139 http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://usn.ubuntu.com/3645-1/