1078314 – (CVE-2018-5124) VUL-0: CVE-2018-5124: MozillaFirefox: Arbitrary code execution through unsanitized browser UI

Bug 1078314 (CVE-2018-5124) - VUL-0: CVE-2018-5124: MozillaFirefox: Arbitrary code execution through unsanitized browser UI

Summary: VUL-0: CVE-2018-5124: MozillaFirefox: Arbitrary code execution through unsani...

Status:	RESOLVED FIXED

Alias:	CVE-2018-5124

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Leap 42.3
Hardware:	Other Other

Priority:	P5 - None Severity: Major (vote)
Target Milestone:	---
Assignee:	Wolfgang Rosenauer
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/199188/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2018-01-30 14:56 UTC by Andreas Stieger
Modified:	2018-01-30 14:56 UTC (History)
CC List:	0 users

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2018-01-30 14:56:13 UTC

https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/

Fixed in Firefox 58.0.1

Description: Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution.

This issue did not affect Firefox for Android or Firefox 52 ESR.

Tumbleweed only.

References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1432966
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5124
https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/

Comment 1 Andreas Stieger 2018-01-30 14:56:57 UTC

https://build.opensuse.org/request/show/570846