CVE-2018-5172

Summary

The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 60affected

Weaknesses

  • Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer

ADP Enrichment

CVE Program Container

Additional References

References