Lucene search
Redhat.comRH:CVE-2018-5175HistoryMay 10, 2018 - 6:19 a.m.
CVE-2018-5175
2018-05-1006:19:34
redhat.com
access.redhat.com
8
0.002 Low
EPSS
Percentile
52.3%
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a “script-src” policy of “‘strict-dynamic’”. If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the “require.js” library that is part of Firefox’s Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.
Related
debiancve
debiancve
CVE-2018-5175
2018-06-11 21:29:16
ubuntucve
ubuntucve
CVE-2018-5175
2018-05-11 00:00:00
prion
prion
Design/Logic Flaw
2018-06-11 21:29:00
nvd
nvd
CVE-2018-5175
2018-06-11 21:29:16
cvelist
cvelist
CVE-2018-5175
2018-06-11 21:00:00
cve
cve
CVE-2018-5175
2018-06-11 21:29:16
archlinux
archlinux
[ASA-201805-10] firefox: multiple issues
2018-05-13 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2018-05-11 00:00:00
Firefox regression
2018-05-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3645-2)
2018-05-19 00:00:00
Ubuntu: Security Advisory (USN-3645-1)
2018-05-12 00:00:00
Mozilla Firefox Security Advisories (MFSA2018-11, MFSA2018-12) - Mac OS X
2018-05-11 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox regression (USN-3645-2)
2018-05-21 00:00:00
Mozilla Firefox < 60 Multiple Critical Vulnerabilities (macOS)
2018-05-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 60.0.1-alt1
2018-06-05 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox 60 — Mozilla
2018-05-09 00:00:00
kaspersky
kaspersky
KLA11246 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2018-05-09 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2018-05-09 00:00:00