Lucene search
K

4 matches found

OSV
OSV
added 2018/06/11 9:29 p.m.3 views

CVE-2018-5143

URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting XSS attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially...

6.1CVSS7.2AI score0.00938EPSS
Exploits0References5
CVE
CVE
added 2018/06/11 9:0 p.m.137 views

CVE-2018-5143

CVE-2018-5143 is reported against Mozilla Firefox versions before 59.0. The issue arises when a javascript: URL containing a tab character bypasses protocol removal in the address bar, enabling an XSS-style impact where a user could be socially engineered to execute a script in their own browser....

6.1CVSS6AI score0.00938EPSS
Exploits0References5Affected Software1
Ubuntu
Ubuntu
added 2018/03/14 9:56 p.m.88 views

USN-3596-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain...

9.8CVSS7.6AI score0.08024EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2018/03/14 12:0 a.m.17 views

CVE-2018-5143

URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting XSS attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially...

6.1CVSS6.8AI score0.00938EPSS
Exploits0References3
Rows per page
Query Builder