Lucene search
MozillaCVELIST:CVE-2018-5158HistoryJun 11, 2018 - 9:00 p.m.
CVE-2018-5158
2018-06-1121:00:00
mozilla
www.cve.org
1
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
CNA Affected
[
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
www.securityfocus.com/bid/104136
www.securitytracker.com/id/1040896
access.redhat.com/errata/RHSA-2018:1414
access.redhat.com/errata/RHSA-2018:1415
bugzilla.mozilla.org/show_bug.cgi?id=1452075
lists.debian.org/debian-lts-announce/2018/05/msg00007.html
security.gentoo.org/glsa/201810-01
usn.ubuntu.com/3645-1/
www.debian.org/security/2018/dsa-4199
www.mozilla.org/security/advisories/mfsa2018-11/
www.mozilla.org/security/advisories/mfsa2018-12/
Related
prion
prion
Code injection
2018-06-11 21:29:00
cve
cve
CVE-2018-5158
2018-06-11 21:29:15
nvd
nvd
CVE-2018-5158
2018-06-11 21:29:15
redhatcve
redhatcve
CVE-2018-5158
2020-01-29 16:02:26
ubuntucve
ubuntucve
CVE-2018-5158
2018-05-10 00:00:00
veracode
veracode
Code Injection
2019-05-16 02:25:17
github
github
Malicious PDF can inject JavaScript into PDF Viewer
2022-05-14 01:22:02
debiancve
debiancve
CVE-2018-5158
2018-06-11 21:29:15
hackerone
hackerone
Nextcloud: XSS in PDF Viewer
2020-03-16 02:01:22
nessus
nessus
Debian DSA-4199-1 : firefox-esr - security update
2018-05-14 00:00:00
Oracle Linux 7 : firefox (ELSA-2018-1415)
2018-05-15 00:00:00
RHEL 6 : firefox (RHSA-2018:1414)
2018-05-16 00:00:00
openvas
openvas
CentOS Update for firefox CESA-2018:1415 centos7
2018-06-05 00:00:00
Debian: Security Advisory (DLA-1376-1)
2018-05-13 00:00:00
CentOS Update for firefox CESA-2018:1414 centos6
2018-05-21 00:00:00
osv
osv
firefox-esr - security update
2018-05-10 00:00:00
firefox-esr - security update
2018-05-11 00:00:00
redhat
redhat
(RHSA-2018:1415) Critical: firefox security update
2018-05-14 13:22:39
(RHSA-2018:1414) Critical: firefox security update
2018-05-14 13:20:52
suse
suse
Security update for Mozilla Firefox (important)
2018-05-11 00:14:24
centos
centos
firefox security update
2018-05-17 11:21:53
firefox security update
2018-05-30 18:23:11
debian
debian
[SECURITY] [DSA 4199-1] firefox-esr security update
2018-05-10 19:21:33
[SECURITY] [DLA 1376-1] firefox-esr security update
2018-05-11 07:42:32
oraclelinux
oraclelinux
firefox security update
2018-05-14 00:00:00
firefox security update
2018-05-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 52.8.0-alt1
2018-05-09 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 60.0.1-alt1
2018-06-05 00:00:00
ibm
ibm
mageia
mageia
Updated firefox packages fix security vulnerabilities
2018-05-17 13:54:59
Updated iceaepe packages fix security vulnerability
2018-08-15 18:45:26
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 52.8 — Mozilla
2018-05-09 00:00:00
Security vulnerabilities fixed in Firefox 60 — Mozilla
2018-05-09 00:00:00
freebsd
freebsd
Gitlab -- Multiple vulnerabilities
2019-04-01 00:00:00
mozilla -- multiple vulnerabilities
2018-05-09 00:00:00
ubuntu
ubuntu
Firefox regression
2018-05-18 00:00:00
Firefox vulnerabilities
2018-05-11 00:00:00
archlinux
archlinux
[ASA-201805-10] firefox: multiple issues
2018-05-13 00:00:00
kaspersky
kaspersky
KLA11246 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2018-05-09 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2018-10-02 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00