Bug 1078314 (CVE-2018-5124)

Summary: VUL-0: CVE-2018-5124: MozillaFirefox: Arbitrary code execution through unsanitized browser UI
Product: [openSUSE] openSUSE Distribution
Reporter: Andreas Stieger <astieger>
Component: Security
Assignee: Wolfgang Rosenauer <wolfgang>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P5 - None    
Version: Leap 42.3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/199188/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Andreas Stieger 2018-01-30 14:56:13 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/

Fixed in Firefox 58.0.1

Description: Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution.

This issue did not affect Firefox for Android or Firefox 52 ESR.

Tumbleweed only.

References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1432966
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5124
https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
Comment 1 Andreas Stieger 2018-01-30 14:56:57 UTC
https://build.opensuse.org/request/show/570846