Showing 1 - 2 of 2

CVE-2018-5164

Status Candidate

Overview

Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60.

Related Files

Ubuntu Security Notice USN-3645-2: Posted May 19, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3645-2 - USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumstances. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss; systems | linux, ubuntu; advisories | CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5167, CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173, CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5180, CVE-2018-5181, CVE-2018-5182; SHA-256 | 7c0027c221bcbb9780829979a8271edaad409633e1d370e267f76ed485c63f99; Download | Favorite | View

Ubuntu Security Notice USN-3645-1: Posted May 12, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3645-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, spoof, xss; systems | linux, ubuntu; advisories | CVE-2018-5150, CVE-2018-5151, CVE-2018-5152, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5166, CVE-2018-5167, CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173, CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5180, CVE-2018-5181, CVE-2018-5182; SHA-256 | 08604c5c50c17a8f54cd6180f9001659c9ed435699fff8b8fb6606a81a545145; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 422 files
Ubuntu 110 files
Debian 31 files
Rahad Chowdhury 21 files
BugsBD Limited 21 files
Gentoo 18 files
tmrswrr 12 files
Google Security Research 7 files
Ph0s 5 files
R0ckE7 5 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,915)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,903)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,657)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,155)
UNIX (9,341)
UnixWare (187)
Windows (6,611)
Other

CVE-2018-5164

Overview

Related Files

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems