SecuritySpace - CVE-2018-5133

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2018-5133

Description: If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM- disabled message as a notification message. This vulnerability affects Firefox < 59.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-5133
BugTraq ID: 103386
http://www.securityfocus.com/bid/103386
http://www.securitytracker.com/id/1040514
https://usn.ubuntu.com/3596-1/

CVE ID:	CVE-2018-5133
Description:	If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM- disabled message as a notification message. This vulnerability affects Firefox < 59.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2018-5133 BugTraq ID: 103386 http://www.securityfocus.com/bid/103386 http://www.securitytracker.com/id/1040514 https://usn.ubuntu.com/3596-1/