Bug 1078314 – VUL-0: CVE-2018-5124: MozillaFirefox: Arbitrary code execution through unsanitized browser UI

Bug 1078314 - (CVE-2018-5124) VUL-0: CVE-2018-5124: MozillaFirefox: Arbitrary code execution through unsanitized browser UI

(CVE-2018-5124)
Summary:	VUL-0: CVE-2018-5124: MozillaFirefox: Arbitrary code execution through unsani...

Status:	RESOLVED FIXED

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security
Version:	Leap 42.3
Hardware:	Other Other

Priority:	P5 - None Severity: Major (vote)
Target Milestone:	---
Assigned To:	Wolfgang Rosenauer
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/199188/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-01-30 14:56 UTC by Andreas Stieger
Modified:	2018-01-30 14:56 UTC (History)
CC List:	0 users

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2018-01-30 14:56:13 UTC

https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/

Fixed in Firefox 58.0.1

Description: Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution.

This issue did not affect Firefox for Android or Firefox 52 ESR.

Tumbleweed only.

References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1432966
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5124
https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/

Comment 1 Andreas Stieger 2018-01-30 14:56:57 UTC

https://build.opensuse.org/request/show/570846