The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.
http://www.securityfocus.com/bid/100198
http://www.securitytracker.com/id/1039124
https://access.redhat.com/errata/RHSA-2017:2456
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1371586%2C1372112
https://www.debian.org/security/2017/dsa-3928
Source: MITRE
Published: 2018-06-11
Updated: 2018-08-09
Type: CWE-94
CVSS v2
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
127356 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116) | Nessus | NewStart CGSL Local Security Checks | critical |
106884 | GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
103563 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:2589-1) | Nessus | SuSE Local Security Checks | critical |
103056 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1198) | Nessus | Huawei Local Security Checks | critical |
103055 | EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1197) | Nessus | Huawei Local Security Checks | critical |
102856 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:2302-1) | Nessus | SuSE Local Security Checks | critical |
102667 | Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20170815) | Nessus | Scientific Linux Local Security Checks | critical |
700183 | Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
700182 | Mozilla Firefox < 55 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
102622 | openSUSE Security Update : MozillaThunderbird (openSUSE-2017-955) | Nessus | SuSE Local Security Checks | critical |
102580 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox regression (USN-3391-3) | Nessus | Ubuntu Local Security Checks | critical |
102543 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : ubufox update (USN-3391-2) | Nessus | Ubuntu Local Security Checks | critical |
102523 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox vulnerabilities (USN-3391-1) | Nessus | Ubuntu Local Security Checks | critical |
102504 | CentOS 6 / 7 : firefox (CESA-2017:2456) | Nessus | CentOS Local Security Checks | critical |
102473 | Oracle Linux 6 / 7 : firefox (ELSA-2017-2456) | Nessus | Oracle Linux Local Security Checks | critical |
102472 | openSUSE Security Update : MozillaFirefox (openSUSE-2017-921) | Nessus | SuSE Local Security Checks | critical |
102438 | Debian DLA-1053-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical |
102410 | RHEL 6 / 7 : firefox (RHSA-2017:2456) | Nessus | Red Hat Local Security Checks | critical |
102369 | Debian DSA-3928-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
102359 | Mozilla Firefox < 55 Multiple Vulnerabilities | Nessus | Windows | critical |
102358 | Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities | Nessus | Windows | critical |
102357 | Mozilla Firefox < 55 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
102356 | Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
102278 | FreeBSD : mozilla -- multiple vulnerabilities (555b244e-6b20-4546-851f-d8eb7d6c1ffa) | Nessus | FreeBSD Local Security Checks | critical |