PRIOn knowledge basePRION:CVE-2018-5114

HistoryJun 11, 2018 - 9:29 p.m.

Design/Logic Flaw

2018-06-1121:29:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.5%

JSON

If an existing cookie is changed to be “HttpOnly” while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq17.10
firefoxle57.0.4

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	17.10
firefox	le	57.0.4

References

www.securityfocus.com/bid/102786

www.securitytracker.com/id/1040270

bugzilla.mozilla.org/show_bug.cgi?id=1421324

usn.ubuntu.com/3544-1/

www.mozilla.org/security/advisories/mfsa2018-02/