what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2018-5131

Status Candidate

Overview

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

Related Files

Ubuntu Security Notice USN-3596-2
Posted Apr 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3596-2 - USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. It was discovered that the fetch API could incorrectly return cached copies of no-store/no-cache resources in some circumstances. A local attacker could potentially exploit this to obtain sensitive information in environments where multiple users share a common profile. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5133, CVE-2018-5136, CVE-2018-5137, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142, CVE-2018-5143
SHA-256 | e494dec5d0c796d9460535c0b44c093d5932022a735b81473a1415ba41c11a0f
Red Hat Security Advisory 2018-0527-01
Posted Mar 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0527-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145
SHA-256 | 5a57b6946c0c19743f5c8d622733aebe1a42b551e4aaa2cd85bda3e5b6cd6a9e
Red Hat Security Advisory 2018-0526-01
Posted Mar 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0526-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145
SHA-256 | 1a11fea385f9134b845bdf721789f9cbcaa49e8f8d4b21f8ba21e3038d7f72f9
Debian Security Advisory 4139-1
Posted Mar 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4139-1 - Several security issues have been found in the Mozilla Firefox web may lead to the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, web, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145
SHA-256 | a318f7ba3e4cea81d40e5a7bdc2c5215d3dc61bdb1cf5f4069fa0e9ec49d8091
Ubuntu Security Notice USN-3596-1
Posted Mar 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3596-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5125, CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5132, CVE-2018-5133, CVE-2018-5134, CVE-2018-5135, CVE-2018-5136, CVE-2018-5137, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142, CVE-2018-5143
SHA-256 | 7fbc7840a2c7212ddb76bc5bfc07a289e367f1f00153eaf6cc47a353ca7e2a80
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close